Managing  open  source 

From  a  new  industry  organization  to  upgraded 
tools,  open  source  network  management  is 
gaining  steam.  PAGE  8. 


About  that  bill 

Verizon  Business  promises  its  telecom  expense  manage¬ 
ment  service  will  catch  billing  errors  . . .  even  its  own. 

PAGE  10. 


Blogging  out  of  bounds 

’Net  Buzz  tries  a  case  that  involves  a  law  professor,  an 
adware  expert  and  a  class-action  suit  against  Yahoo. 

PAGE  66. 


The  leader  in  network  knowledge  ■www.networkworld.com  May  15,  2006  ■  Volume  23,  Number  19 


®  WiderNet 


The  Minneapolis  Public  Library’s  high-tech  book  handling  system, 
similar  to  the  one  pictured  here,  will  process  6,000  items  per  hour. 


And  it  even  has  books 

New  library  packed  with  state-of-the-art  technology. 


BY  ANN  BEDNARZ 


MINNEAPOLIS  —  It  was  biting  cold  in  Minneapolis  on 
Feb.  17,  the  day  the  city’s  public  library  IT  staff  moved 
their  gear  from  a  temporary  site  to  the  new,  high-tech 
library  downtown. 

“The  day  started  out  at  minus  15  at  my  house  and  the  wind 
chill  was  about  minus  35,”  recalls  Sharon  Kinsmith,  manager  of 
systems  and  telecommunications  for  the  Minneapolis  Public 

See  Library,  page  65 


Google  calls  search 
its  key  to  enterprise 


BY  JOHN  FONTANA 

MOUNTAIN  VIEW  CALIF  —  Google  has  its  eye  on 
the  enterprise.  The  company  doesn’t  plan  to  come 
busting  through  the  front  door,  however,  but  is  bank¬ 
ing  on  its  search  technology  and  user  adoption  of  its 
productivity  tools  to  get  onto  corporate  desktops. 

The  company  last  week  introduced  at  its  annual 
press  day  a  number  of  tools  that  will  help  users  find, 
organize  and  share  information. The  tools,  which  are 
intended  to  enhance  searching,  include  Version  4.0 
of  Google  Desktop,  which  features  small,  customized 
applications  called  Gadgets;  Google  Co-op  for  tar¬ 
geted  searching  and  sharing  of  links;  and  Google 
Notebook  for  capturing, saving  and  sharing  links  and 
text  from  online  research. 

“The  corporate  products  we  are  doing  step  by  step,” 
said  Eric  Schmidt,  CEO  of  Google. “We  just  did  One- 
Box,  which  allows  you  to  get  data  securely  from  en¬ 
terprise  back  ends.You  should  expect  more  of  that  in 
the  future.” 

Nearly  all  of  Google’s  revenue  comes  from  online 


ads,  and  while  that  business  is  under  pressure  from 
Yahoo  and  Microsoft,  the  enterprise  represents  a 
wealth  of  potential,  especially  as  Web-based  services 
and  Web  2.0  technologies  are  taking  off. 

Google  officials  repeatedly  said  last  week  they 
were  refocusing  their  efforts  on  being  a  search  com¬ 
pany  because  they  believe  that  is  where  the  future 
lies  and  Yahoo,  Microsoft  and  others  are  not  focused 
on  that  area.  Google  claims  to  devote  70%  of  its 
development  efforts  to  search,  and  Schmidt  said  it 
had  fallen  behind  on  that  tenet. 

He  said  the  strategy  would  be  to  build  everything 
around  search,  and  the  products  introduced  last 
week  were  described  as  “advancing  the  state  of  the 
art  in  search." 

Analysts  say  coming  into  the  enterprise  on  the  back 
of  Google’s  Search  Appliance  may  be  Google’s  best 
bet,  but  that  doesn’t  mean  others  aren’t  watching. 

“Growing  from  the  bottom  up  sounds  right,”  says 
Matt  Brown,  an  analyst  with  Forrester  Research. “But 

See  Google,  page  14 


Sarbanes-Oxley:  Too  much  for  too  little? 


BY  ANN  BEDNARZ 

Faced  with  a  tidal  wave  of  com¬ 
plaints  about  high  costs  and 
implementation  difficulties,  fed¬ 
eral  regulators  say  they  will  con¬ 
sider  modifying  rules  and  audit¬ 
ing  standards  related  to  the 
Sarbanes-Oxley  Act. 


Executives  from  companies  in¬ 
cluding  General  Electric,  Lock¬ 
heed  Martin  and  Emerson  Electric 
spoke  about  the  challenges  of 
complying  with  the  legislation 
during  an  all-day  roundtable  held 
last  week  in  Washington,  D.C.  Most 
participants  agreed  that  two  years 


of  SOX  compliance  has  shored  up 
corporate  accounting  practices  — 
but  at  a  cost  that’s  lopsided  com¬ 
pared  with  the  benefits  gained. 

The  Securities  and  Exchange 
Commission  (SEC)  and  the  Public 
Company  Accounting  Oversight 
Board  (PCAOB)  arranged  the 
roundtable  to  solicit  feedback 
about  SOX  Section  404,  which 
requires  companies  to  attest  to  the 
effectiveness  of  internal  controls 
put  in  place  to  protect  financial 
reporting  systems  and  processes. 
Representatives  from  these  bodies 
said  they’re  open  to  suggestions 
about  how  to  relax  the  burden  of 
Section  404  compliance. 

See  SOX,  page  16 
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Voice  over 


HOW  TO  SECURE  your  VoIP  network: 

Security  expert  Dave  Piscitello  runs  down  the  top 
VoIP-specific  threats  and  provides  a  checklist  of 
countermeasures,  page  45. 


The  BUSINESS  CASE 

for  VoIP:  Results  from  an 
exclusive  Nemertes  Research 
study  provide  benchmarks  for 
how  much  you  should  be 
spending  for  your  VoIP  rollout 
and  how  to  calculate  the 
payback,  page  50. 
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THERE  IS  AN  ALTERNATIVE 


Your  global  IP  carrier  should  set  you  free,  not  hold 
you  down.  It  should  be  nimble  and  flexible  enough 


to  deliver  innovative  IP  solutions  and  superior 
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support  yet  expansive  enough  to  offer  the  global 
scope  and  scale  your  business  requires.  Enter 
Global  Crossing.  Our  wholly-owned  global  IP 
network  connects  you  virtually  anywhere  instantly. 
It  works  effortlessly  with  your  current  legacy  system 
and  with  IP  services  yet  to  be  envisioned.  All  with 


the  security,  support  and  control  you'd  expect  from 
an  industry  leader.  It's  no  wonder  so  many 


Global  Crossing* 


One  planet.  One  network.™ Infinite  possibilities 


FORTUNE  500®  companies  depend  on  us.  Learn 
more  at  www.globalcrossing.com 


£  2006  Microsoft  Corporation.  All  rights  reserved  Microsoft,  Windows,  the  Window  s  logo,  and 
Server  are  either  registered  trademarks  or  trademarks  of  Microsoft.  Corporation  in  the  United  Stai 
other  countries:  The  names  of  actual  companies  and  oioducU  mentioned  herein  may  be  the  trad 
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For  these  and  other  third-party  findings,  go  to 
microsoft.com/getthefacts 
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Microsoft * 


gf GET  THE  FACTS. 


TELEFLORA  CHOSE  WINDOWS  SERVER 


OVER  LINUX  AND  UNIX,  AND  SAVED  35% 
IN  DEVELOPMENT  COSTS. 


"Developing  our  new  POS  system  on  Windows 
Server™  2003  and  .NET  cost  us  35%  less  than 
a  Linux  or  UNIX  solution,  and  we're  able  to 
deploy  new  features  and  new  services  twice 
as  fast.  That  gives  us  and  our  25,000  florist 
customers,  a  crucial  advantage  in  our  rapidly 
changing  industry." 

-Jim  sipion,  evp/cto  teleflora. 
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The  ultraportable  HP  Compaq 
nc2400  weighs  less  than  3 
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The  threats  are  out  there  —  phreak- 
ers,  fraudsters,  SPIT,  RATS,  men-in-the- 
middle,  broadcast  storms  —  but  there 
are  countermeasures  you  can  take  to 
protect  your  VoIP  network.  Page  45 


The  business  case  for  VoIP: 


Results  from  an  exclusive 
Nemertes  Research  study  shows 
that  companies  are  taking  their 
VoIP  deployments  more  seri¬ 
ously  these  days  —  spend¬ 
ing  more  money  on  plan¬ 
ning  and  making  sure 
they  can  document 
ROI.  Page  50 
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Vista  news  and  blog 

News  about  Microsoft's  Windows 
replacement  is  coming  faster  these 
days,  Keep  up  to  date  with  our  new 
Vista  page. 

DocFinder:  3446 

ITVideo:  Kodak  combines  imaging 
and  wireless 

Cool  Tools  Editor  Keith  Shaw  gives 
you  a  glimpse  at  technology  from 
Kodak  that  could  make  for  better 
cameraphone  photos. 

DocFinder:  3447 


Gibbsblog:  Vonage,  enough  already 

Columnist  Mark  Gibbs  uses  Vonage, 
which  means  he's  getting  deluged 
with  messages  from  the  company 
about  its  upcoming  IPO,  which 
means  he's  getting  annoyed. 
DocFinder:  3448 

Vista  and  faxes 

Columnist  James  Gaskin  takes  a  look 
at  the  implications  of  the  (sure  to 
ship  eventually)  Microsoft  Vista  and 
a  federal  law  on  the  topic  of  digital 
signatures.  DocFinder:  3449 


Online  help  and  advice 

Problems  sending  e-mail  to  one 
particular  company 

Help  desk  guru  Ron  Nutter  tries  to 
help  a  user  whose  e-mail  just  won't 
go  through  to  one  company. 

DocFinder:  3450 

State  of  the  threats 

James  Gaskin  discusses  spam  and 
other  security  stuff  and  solicits 
recommendations  for  the  best  SMB 
resellers  DocFinder:  3451 

HIPAA  troubles 

A  security  manager  for  a  state 


agency  is  concerned  about  how  the 
agency  is  complying  with  the  Health 
Insurance  Portability  and  Account¬ 
ability  Act  —  to  the  point  of  wor¬ 
rying  whether  he  could  one  day 
face  jail  time.  Read  his  particulars, 
then  suggest  answers. 

DocFinder:  3452 

All  hail  PDAs 

Anaylst  Robin  Gareiss  explains  how 
the  devices  could  keep  you  up  and 
running  even  if  your  primary 
broadband  connection  goes  down. 

DocFinder:  3453 
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Application  &  Content  Security:  Building  The  Defensible  Network 

Learn  how  today's  "fortress  network"  integrates  VoIP  and  wireless  into 
the  security  grid:  implements  automatic  patch  management;  audits  per¬ 
formance  and  identifies  weaknesses;  and  protects  core  data  and  critical 
applications.  Attend  the  free  Technology  Tour  event  your  enterprise 
doesn't  want  you  to  miss,  For  cities  and  dates  and  how  to  qualify  to 
attend  free,  see:  DocFinder:3455 
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We’ve  made  it  easy  to  access  articles  and  resources 
online.  Simply  enter  the  four-digit  DocFinder  number  in 
the  search  box  on  the  home  page,  and  you’ll  jump  directly 
to  the  requested  information. 
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Microsoft,  Google  dodge  the  obvious 

■  Microsoft  CEO  Steve  Ballmer  last  week  downplayed  his  com¬ 
pany’s  rivalry  with  Google,  saying  Microsoft  is  more  focused  on 
creating  Internet  content  and  other  services  that  will  lure  adver¬ 
tising  revenue  than  on  what  Google  specifically  is  doing.The 
thought  echoed  a  comment  made  by  Google  Co-founder  and 
President  of  Products  Larry  Page  at  a  Google  press  event  the 
day  before.  Page  said  that  Google  is  too  busy  creating  its  own  services  to  cast 
more  than  a  wary  eye  on  Microsoft.  Despite  his  comment,  Ballmer  said  Microsoft 
is  determined  to  climb  to  the  top  of  the  Internet  advertising  revenue  chain  from 
its  current  No.  3  position. That  means  Google,  which  is  No.  1  in  Internet  advertising 
revenue,  is  in  the  company’s  way  “  We’d  like  to  be  No.  2  and  then  No.  1  in  advertis¬ 
ing,”  he  said,  adding,  “Let’s  not  focus  on  Google.The  key  is,  what  about  the  advertis¬ 
ing  business  model?  Have  we  done  everything  we  need  to  do  to  drive  advertising 
as  a  business  model?” 


T1  leGoodTheBadTheUgly 

<  Spammer  gets  the  slammer,  a 

20-year-old  member  of  the  “Botmaster  Underground" 
who  pled  guilty  to  federal  charges  of  conspiracy,  fraud  and 
damaging  government  computers  last  week,  was  handed  a 
57-month  prison  term  —  the  longest  such  penalty  ever 
given  for  spreading  computer  viruses,  according  to  a 
Reuters  report.  Jeanson  James  Ancheta  was  convicted  of 
infiltrating  computers  and  turning  them  into  zombies  capa¬ 
ble  of  distributing  spam,  the  report  says. 
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RFID  innovation  promises  privacy 

■  Sometimes  innovative  ideas  are  simple.  Here’s  one: 
an  RFID  chip  with  a  perforated  edge  that  lets  con¬ 
sumers  tear  off  part  of  the  antenna  after  purchasing 
an  item,  reducing  the  distance  of  the  signal  and  eas¬ 
ing  privacy  concerns.  The  Clipped  Tag  label  is  the 
brainchild  of  Paul  Moskowitz,  an  inventor  and 
researcher  at  IBM.Ultrahigh  frequency  radio  frequen¬ 
cy  identification  tags  are  generally  readable  at  dis¬ 
tances  up  to  30  feet,  but  the  Clipped  Tag  innovation 
reduces  that  distance  to  between  1  and  2  inches. 
“This  means  that  the  tag  can  only  be  read  if  the  con¬ 
sumer  holds  the  tag  up  to  a  reader/  Moskowitz  said 
Wednesday.  “It  puts  choice  in  the  hands  of  the  con¬ 
sumer’’ IBM  has  tasted  the  commercial  adaptability  of 
the  Clipped  Tag  system  with  Marnlen  Management, 
which  manufacturers  RFID  labels,  and  Printronix,  a 
producer  of  printing  systems. 

DoD  taps  Microsoft  maps 

■  A  U.S.  Department  of  Defense  agency  and  Microsoft 
will  collaborate  to  improve  Microsoft’s  Virtual  Earth 

mmmm  COMPENDIUM 

Back  it  up  -  again 

An  Oregon  hospital  reports  it  lost  5,000 
archived  X-ray  images  when  four  of  the  five 
hard  drives  in  its  GE  storage  system  died. 

GE  is  now  building  the  hospital  a  backup 
storage  system.  Find  out  more  at 
www.nwdocfinder.com/3445. 


“Microsoft's  brand  is  synony¬ 
mous  with  a  lot  of  things,  but 
security  is  not  one  of  them.” 

John  Thompson,  CEO  of  Symantec,  speaking  at  the  Symantec 
Vision  Conference  last  week 

See  story  at  www.nwdocfinder.com/3458 

mapping  program  for  military  and  non-military  pur¬ 
poses,  the  company  announced  last  week.  Microsoft 
signed  a  letter  of  understanding  with  the  National 
Geospatial-Intelligence  Agency  which  is  a  Department 
of  Defense  combat  support  agency,  the  company  said. 
Microsoft  and  NGA  will  use  Virtual  Earth,  part  of 
Microsoft’s  Windows  Live,  for  tasks  such  as  guiding 
relief  efforts  for  natural  disasters.  The  program  was 
used  during  Hurricane  Katrina  last  year  to  direct  first 
responders  and  government  branches,  Microsoft  said. 
Neither  party  specified  the  potential  military  applica¬ 
tions  of  Virtual  Earth  or  its  APIs  beyond  “national  secu¬ 
rity  efforts.” 

Philly  council  OKs  Wi-Fi  plan 

■  Philadelphia’s  city  council  has  approved  a  con¬ 
tract  for  a  citywide  Wi-Fi  network  it  hopes  will  stimu¬ 
late  the  economy  of  the  fifth-largest  U.S.  city  and 
bring  broadband  Internet  access  to  poor  neighbor- 
hoods.The  council  unanimously  approved  the  deal, 
under  which  ISP  EarthLink  will  pay  for  the  network 
and  operate  it  at  no  cost  to  the  city, said  an  EarthLink 


Ddl  iSSlICS  warning.  Dell  spooked  investors  last  week 
by  warning  that  it  will  miss  its  quarterly  profit  forecast  and  barely  hit 
its  revenue  estimate.  The  company  attributed  the  shortfall  to  a  deci¬ 
sion  to  cut  prices,  though  CEO  Kevin  Rollins  pledged  that  the  strategy 
will  generate  strong  growth  in  the  future. 

Chapter  11  for  Silicon  Graphics.  Things  con¬ 
tinue  to  go  downhill  for  Silicon  Graphics,  as  the  high-end  computing 
vendor  last  week  filed  for  Chapter  11  bankruptcy  protection.  As  part  of 
a  restructuring,  the  company  said  it  would  cut  its  debt  by  S250  mil¬ 
lion.  The  company,  which  has  been  hurt  by  the  explosion  of  low-cost 
alternatives  to  its  workstations  and  servers,  is  hoping  to  emerge  from 
Chapter  11  by  year-end. 


spokesman. The  contract  must  still  be  signed  off  by 
the  city  solicitor,  or  attorney,  and  by  Mayor  John 
Street,  but  there  are  no  more  major  political  hurdles 
to  be  crossed.  Philadelphia’s  wireless  plan  inflamed 
a  national  debate  over  municipal  networks,  with 
established  broadband  providers  criticizing  the  fair¬ 
ness  and  the  business  wisdom  of  governments  get¬ 
ting  involved  in  owning,  operating  or  maintaining 
broadband  systems.  Once  Philadelphia’s  wireless 
plan  is  approved  by  the  mayor,  EarthLink  will  seek 
permits  and  hopes  to  start  rolling  out  the  network  in 
mid-June. 

Mitel  files  for  IPO 

■  IP  PBX  maker  Mitel  Networks  last  week  filed  for 
an  IPO  in  the  United  States  and  Canada.  The  VoIP 
vendor  said  that  Morgan  Stanley,  RBC  Capital 
Markets  and  Merrill  Lynch  will  be  among  the 
underwriters,  according  to  documents  Mitel  filed 
with  the  U.S.  Securities  and  Exchange  Com¬ 
mission.  A  Mitel  spokesman  said  the  company 
could  not  comment  on  the  financial  details  of  the 
offering.  According  to  financial  documents  filed 
with  the  SEC,  Mitel  had  $285.2  million  in  revenue 
as  of  Jan.  31,  and  a  net  loss  of  $21.9  million  (the 
company’s  fiscal  year  ended  in  April  2006).  At  the 
same  time  a  year  ago,  Mitel  made  $251  million  in 
revenue  with  a  loss  of  $34  million.  Hardly  a 
nascent  start-up,  Mitel  was  founded  in  1973  as 
Mitel  Corp.,and  was  a  pioneer  in  the  PBX  market, 
making  telecom  equipment  and  semiconductors, 
among  other  products.  In  2001,  the  company 
divested  its  telecom  business.  The  company’s 
founder,  Terence  Matthews,  acquired  90%  of  that 
business  and  took  the  company  private,  renaming 
it  Mitel  Networks. 


See  Why  More  &  More  Businesses  are  Switching  to  D-Link 

"We  needed  to  make  wireless  Internet  access  available  to  media  from 
around  the  world  at  each  of  our  venues.  D-Link  rs  switches  and  access 
points  met  our  needs  reliably  and  within  budget. " 
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-  Julio  Carbonell, 
World  Baseball  Classic  Executive  tor  IT 


Proven  Enterprise-Level  Networking  is  Now  Within  Your  Reach 

Scalability.  Flexibility.  Affordability.  Think  your  business  has  nothing  in  common  with  the  World  Baseball 
Classic™?  Think  again. 

Seven  venues  in  14  days  with  a  traveling  press  corps  that  needed  to  meet  deadlines  in  every  time  zone 
around  the  world.  That  was  the  World  Baseball  Classic.  Major  League  Baseball  and  the  Major  League  Basebail 
Players  Association,  planners  of  the  World  Baseball  Classic,  chose  D-Link  xStack™  switches  and  ^//Premier™ 
wireless  access  points  to  make  it  possible  for  the  press  to  make  their  connections.  The  World  Baseball  Classic 
relied  on  D-Link@Work  Solutions  for  value  and  dependability.  You  can  too. 

Connections  Made.  Money  Saved.  Period. 


Trust  the  Global  Leader  in  SMB  Connectivity 
END  TO  END  SOLUTIONS 

From  the  core,  to  the  edge,  to  wireless  switching:  D-Link  provides  HHBfa 
complete  end-to-end  networking  solutions  for  your  business 


MARKET  LEADERSHIP 

Shipping  more  than  100.000  connections  a  day  worldwide, 
D-Link  is  the  market  share  leader  in  SMB  connectivity1 

f  PRODUCT  EXCELLENCE 

Put  your  trust  in  a  true  designer  and  manufacturer  that’s  been 
delivering  excellence  in  engineering  for  two  decades 


lnS33 


34/rPremier 

(Wireless  } 


D-LINK(Y/  WORK 

End-to-End 


or  caii  1 -888-XSTACK1 


QNetDefend 

(Security! 


Xs  tack 

Switching 
IP  Telephony 
Network  Storage 


Networking  Solutions  for 
Your  Growing  Business 


Get  more  for  your  IT  dollar  with 
D-Link@Work  Solutions: 
Feature-rich,  flexible  network 
infrastructure,  storage,  security 
and  VoIP  products  that  meet 
your  budget.  Not  enough? 

Place  your  trust  in  D-Link  and 
receive  a  free2  year  of  on-site 
support,  backed  by  NCR. 


Learn  more  at  www.dlink.com/at-work 


Market  Siiarc  information  derived  In-Stat  02  2005  Wireless  LAN  Equipment.  Ethernet  LAN  Switch  and  Broadband  Equipment-  Market  Slttnc  Report*.  Offer  valid  on  select  D-Link  switches,  visit 
w  vs w  dlink.com  as -work  tor  full  details.  Prices  and  specifications  am  subject  to  change  without  notice.  D-Link  die  D-Link  logo,  NetDefcnd.  Aii Premier  and  xStack  arc  trademarks  or  registered  bade  marks  ot 
D-Link  Corporation  or  its  subsidiaries  in  the  l  nited  States  and  other  countries.  Jradcmarks,  copyrights  and  other  prt*j)ru:tar>  matenals  are  used  with  permission  of  World.  Baseball  (  lasiic.  Inc.,  it'  alViliatcd  entities 
and  or  its  licemces.  N<  R  is  a  trademark  or  registered  trademark  ol  NCR  Corporation.  All  other  company  or  product  names  mentioned  herein  arc  trademarks  or  registered  trademarks  of  their  respective  companies. 
(  upyright  C  201)6  D  Link  Corporation  1M.  ink  S>  stems,  Inc.  w  w  wall  ink  com 
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Open  source  management  arrives 

Vendors  address  user  pain  points,  integration,  usability  and  support  for  open  source  mgmt.  applications. 


Open  source  confidence  index 

A  recent  Forrester  Research  survey  of  95  customers  asked 
what  they  think  are  the  greatest  advantages  and  disadvantages 
of  open  source  software. 


Advantages 


Low  acquisition  cost  85% 


Low  total  cost  of  ownership  68% 

•cost  Intel  s 


55% 


suppliers  37% 
Familial’  to  developers/We  have  the  skills  25% 


ler  quality  18% 
Other  10% 


Disadvantages 
Lack  of 


Lack  of  applications  36% 

We  don’t  have  the  skills  or  familiarity  36% 

Unexpected  license  costs  (i.e.,  SCO  is  asking  for  Linux)  33% 
Fear  that  the  open  source  community  will  splinter  26% 


Fear  of  getting  sued  over  copyrights  and  patents  1 6% 


Other  5% 
’  None  5% 


SOURCE:  FORRESTER  RESEARCH 


BY  DENISE  DUBIE 

Six  open  source  project  spon¬ 
sors  last  week  founded  an  indus¬ 
try  organization  to  elevate  the 
status  of  open  source  manage¬ 
ment  tools  in  enterprise  IT  shops. 

The  Open  Management 
Consortium  (OMC)  says  it  will 
develop  standards  to  simplify  the 
job  of  integrating  disparate  open 
source  management  applications 
in  an  effort  to  make  man¬ 
aging  large  enterprise  networks 
with  open  source  tools  easier  for 
users.  Most  companies  use  sev¬ 
eral  management  tools,  but  the 
majority  of  proprietary  products 
available  today  require  extensive 
integration  for  them  to  share  data 
—  even  when  they’re  from  the 
same  vendor.  The  OMC  proposes 
its  members  develop  com¬ 
mon  methods  of  collecting,  shar¬ 
ing  and  reporting  on  manage¬ 
ment  data  collected  across  enter¬ 
prise  networks. 

The  group  doesn’t  consider 
itself  in  competition  with  com¬ 
mercial  vendors,  and  would  like 
to  see  market  leaders  BMC 
Software,  CA,  HP  and  IBM  con¬ 
tribute  to  the  effort  so  buyers  can 
integrate  source  applications 
more  easily  with  commercial 
products. 

Vendors  joining  in 

Vendors  such  as  Centeris, 
Groundwork  Open  Source, 
Hyperic  and  Splunk  have  started 
to  open  parts  of  their  proprietary 
software  code  and  make  it  avail¬ 
able  through  open  source  licens- 
es.They  separately  emerged  in  the 
past  year  and  straddled  the  open 
source  and  proprietary  worlds, 
offering  management  applica¬ 
tions  rooted  in  open  source  and 
in  some  cases,  providing  free  ver¬ 
sions  for  download. 

Management  heavyweights 
such  as  IBM  and  CA  have  sepa¬ 
rately  shown  their  support  for 
open  source  as  well.  About  a  year 
ago  IBM  acquired  open  source 
developer  Gluecode,  and  last  fall 
CA  spun  out  its  Ingres  database 
technology  into  an  independent 
open  source  database  company 

“The  tide  is  starting  to  turn. 
There  are  more  open  source 
management  products,  and  com¬ 
mercial  vendors  are  getting  more 
interested  in  exploring  and  inte¬ 


grating  with  open  source,  which 
can  only  benefit  the  end-user 
community  says  Ethan  Galstad, 
founder  and  president  of 
Ayamon,an  OMC  member. 

Galstad  also  created  and 
remains  the  lead  developer  of 
Nagios.a  7-year-old  open  source 
network  monitoring  tool  that 
has  been  the  basis  for  commer¬ 
cial  products  from  Hyperic. 
Galstad  says  the  willingness  of 
management  vendors  —  albeit 
smaller  start-ups  —  to  open 
their  source  code  shows  the 
market  is  ready  to  adopt  open 
source  management. 

“Open  source  tools  have  always 
been  strong  in  IT  departments 
and  used  by  technical  engineers, 
but  it  has  not  been  until  the  past 
year  that  1  have  seen  commercial 
vendors  taking  their  proprietary 
tools  and  making  them  open 
source  or  providing  parts  of  them 
under  an  open  source  license,” 
Galstad  says. 

Such  vendor  interest  in  open 


source  could  spur  adoption 
among  hesitant  IT  managers  con¬ 
cerned  about  the  community 
behind  the  source  code,  industry 
watchers  say 

“The  OMC  is  a  sort  of  reassur¬ 
ance  to  IT  managers  that  there  is  a 
committed  community  behind 
open  source  systems  manage¬ 
ment,”  says  Raven  Zachary  a  senior 
analyst  and  head  of  the  open 
source  practice  at  The  451  Group. 
“The  group  has  indicated  it  will 
work  toward  developing  common 
APIs  and  a  common  integration 
layer,  so  IT  managers  won’t  have  to 
worry  about  weaving  disparate 
systems  together  on  their  own." 

The  premise  of  the  OMC 
appeals  to  buyers  because  stan¬ 
dards  for  collecting  and  sharing 
management  data  could  address 
a  critical  pain  point:  Freeware 
applications  and  proprietary 
products  remain  difficult  and 
time-consuming  to  install,  inte¬ 
grate  and  customize. 

Rick  Beebe,  manager  of  system 


and  network  engineering  for  ITS- 
Med  at  the  Yale  University  School 
of  Medicine  in  New  Haven, 
Conn., says  he  already  uses  open 
source  products  to  augment 
commercial  tools,  but  an  organi¬ 
zation  dedicated  to  hashing  out 
integration  issues  would  benefit 
his  open  source  deployments. 
“Much  of  the  programming  1  end 
up  doing  is  glue  to  tie  different 
applications  together.  If  they  all 
spoke  a  common  language  and  I 
could  plug  them  together  how¬ 
ever  I’d  like,  it  would  save  a  great 
deal  of  time  and  energy’ 

Beebe  says  he  likes  open 
source  tools  “because  of  the  cus¬ 
tomization  and  ability  to  try 
them  on  my  own  terms.”  And  the 
cost  is  right:  “The  number  and 
complexity  of  systems  we  have 
just  keeps  growing,  but  we’re 
rarely  allowed  to  add  more  peo¬ 
ple  to  manage  them.” 

Jim  Stalder,C10  at  Mercy  Health 
Services  in  Baltimore,  admits  he 
was  hesitant  about  opting  for  the 
open  source  enterprise  monitor¬ 
ing  application  Zenoss  over  BMC 
Performance  Manager  (previous¬ 
ly  Patrol).  But  considering  the 
possible  $500,000  price  tag 
he  would  have  spent  on  most 
commercial  management  soft¬ 
ware  products,  he  says  he 
thought  he’d  give  the  free  prod¬ 
uct  (under  the  GNU  General 
Public  License)  a  try  before  com¬ 
mitting  budget  dollars. 

“We  don’t  have  a  huge  develop¬ 
ment  staff  so  I  didn’t  want  to  get 
an  open  source  product  in  here  if 
we  had  to  worry  about  develop¬ 
ing  it,  maintaining  it, supporting  it 
and  growing  it  to  fit  our  needs,” 
Stalder  says.“But  on  the  contrary, 
we  are  only  using  what  we  need, 
and  we  can  grow  Zenoss  at  our 
own  pace  rather  than  pay  for  a 
lot  of  great  features  from  a  com¬ 
mercial  vendor  that  we  never  put 
to  use  in  our  environment.” 

About  the  members 

OMC  founding  members  — 
Nagios  (sponsored  by  Ayamon), 
NetDirector  (sponsored  by  Emu 
Software),  openQRM  (sponsored 
by  Qlusters),  openSIMS  (spon¬ 
sored  by  Symbiot),  the  Webmin 
project  and  the  Zenoss  project 
(sponsored  by  Zenoss)  —  say 
being  able  to  work  together 


toward  a  common  goal  will  help 
their  individual  open  source  pro¬ 
jects  mature. 

The  commercial  software  ven¬ 
dors  in  the  group  that  have  opted 
to  make  some  of  their  code  avail¬ 
able  as  open  source  have  already 
reaped  some  benefits.  For 
instance,  since  making  its  server 
resource-management  software 
available  as  the  open  source 
openQRM  ($750  per  managed 
server)  in  February,  Qlusters  says 
the  software  has  been  down¬ 
loaded  more  than  10,000  times. 

Zenoss  has  been  downloaded 
2,000  times  since  it  went  open 
source  under  a  modified  version 
of  the  Mozilla  open  source 
license  in  February.  And  Emu 
Software’s  NetDirector  configura¬ 
tion-management  tool  has  been 
downloaded  1,200  times  since 
the  company  made  it  available  in 
April  under  a  similar  modified 
Mozilla  license  model. 

For  Webmin,  a  Web-based 
interface  for  Unix  system 
administration,  the  benefit  of 
joining  OMC  is  group  develop¬ 
ment.  Up  to  this  point  the  tool 
has  been  developed  primarily 
by  a  single  person,  industry  vet¬ 
eran  Jamie  Cameron. 

Member  Symbiot  took  its  propri¬ 
etary  security-management  prod¬ 
uct  and  opened  the  source  code 
to  offer  openSIMS  (open  Security 
Infrastructure  Management  Sys¬ 
tems),  which  is  available  under  an 
Apache  license. The  software  runs 
on  a  dedicated  server  at  the  net¬ 
work  perimeter,  creates  a  map  of 
IT  components  and  measures  risk 
based  on  data  collected  across 
the  infrastructure. 

In  conjunction  with  the  OMC 
launch,  the  company  revamped 
the  open  source  product  and  now 
offers  it  prebuilt  to  customers  so 
they  don’t  have  to  dedicate  time 
and  resources  to  getting  it  inte¬ 
grated  and  up  and  running. 

“Open  source  management 
historically  has  been  a  bunch  of 
fiefdoms  that  haven’t  come 
together  in  a  comprehensive 
way  for  end  users,"  says  Mike 
Erwin,  founder,  president  and 
chairman  of  Symbiot.The  indus¬ 
try  really  needed  something  that 
could  combine  the  efforts  and 
help  mature  the  separate  proj¬ 
ects  on  a  similar  path.”B 
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NetVanta  7100 
Integrated  IP  PBX,  Voicemail, 
Auto  Attendant,  Router,  24-port 
PoE  Switch,  VPN,  Firewall 

ADTRAN  offers  a  broad 
range  of  IP  phones  to 
meet  your  business 
/  communication  needs 
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NetVanta  7100: 

A  phone  system  and 
data  network, 

all  in  a  single  device 


affordable 
IP  Telephony 

NetVanta  7100 — Everything  a  small  office 
needs  for  voice,  data  and  Internet 

The  ADTRAN  NetVanta®  7100  is  the  newest  addition  to  our  field- 
proven  suite  of  NetVanta  switches,  routers  and  VPN/Firewall  solutions. 

This  new  IP  PBX  with  integrated  switch-router — an  Office  in  a  Box — 
provides  a  complete  solution  for  growing  small  and  medium 
businesses.  Your  office  communications  can  be  up  and  running 
quickly  and  smoothly  with  this  converged  IP  platform. 


Imagine  a  comprehensive  telephony  and  data  networking 
solution  that  consolidates  voice,  data,  Internet  and  security - 
all  in  a  single  device. 


High  costs  for  communications  are  now  a  thing  of  the  past. 

With  ADTRAN,  you  can  easily  lower  your  total  cost  of  ownership.  Every 
NetVanta  includes  ADTRAN’s  100%  satisfaction  guarantee,  backed 
by  industry- leading  technical  support  (before  and  after  the  sale) , 
free  firmware  upgrades,  and  a  full  5-year  warranty. 

www.adtran.com/ipt 


1.800  9ADTRAN 

(923-8726) 


The  Network  Access  Company 


Copyright®  2006  ADTRAN  Inc.  All  rights  reserved  ADTRAN  and  NetVanta  are  registered 
trademarks  of  ADTRAN.  Inc  Five-year  warranty  applies  in  North  America  and  Europe. 
Polycom  is  a  registered  trademark  of  Polycom,  Inc  EN09A03I306NWW 


10  •  www.networkworld.com  •  5.15.06 


Verizon  wants  to  manage  your  bills 

Service  management  offering  lets  customers  track  telecom  expenses, 


Verizon  services  tackle  disaster  recoveiy 


Verizon  Business  last  week  unveiled  services 
designed  to  let  business  and  government 
customers  maintain  their  telecommunica¬ 
tions  in  times  of  natural  disasters,  equipment  fail¬ 
ures  or  building  evacuations. 

The  new  group  of  services,  called  Business 
Resilience  Solutions,  addresses  a  range  of  busi¬ 
ness-continuity  preparedness  tasks,  from 
assessment  to  implementation  of  network  and 
storage  capabilities.  The  Business  Resilience 
Solutions  portfolio  is  designed  to  address 
requirements  for  continuity,  security  and  prod¬ 
uctivity,  and  the  services  range  from  traditional 
voice  and  data  networking  to  high-availability 
and  network-embedded  applications,  storage 
offerings,  and  professional  services  capabilities. 

“A  new  era  of  business-critical  systems  [such 
as  grid  and  utility  computing]  will  accelerate  the 
[business  resiliency]  market,”  says  Sean 
Hackett,  research  manager  of  Business  Net¬ 
work  Services  for  IDC. 

Businesses  are  transitioning  from  reactive  dis¬ 
aster  recovery  to  proactive  business  continuity, 
Hackett  says.  This  view  is  shared  by  Verizon 
Business  customer  DBK  Concepts,  a  provider  of 
mobile  data-collection  systems  for  inventory 
management  in  the  retail,  grocery,  wholesale  and 
transportation  industries  in  Miami. 

“In  the  last  two  years  of  our  business,  we  did 
have  significant  interruptions  due  to  Hurricane 
Katrina  and  Hurricane  Wilma,"  says  Luis  Barroso, 
president  of  DBK  Concepts.  “We  became  very 
proactive  in  looking  for  a  solution  at  that  time.  If 
we  miss  our  shipping  window  because  of  Internet 
disruption  by  one  hour,  our  customer  is  down  an 
additional  48  hours." 

DBK  now  uses  Verizon  Business  data  centers 
and  satellite  communications  for  business  conti¬ 
nuity,  Barroso  says. 

Other  components  of  the  portfolio  include  a 


partnership  with  Strohl  Systems,  a  provider  of 
business-continuity  planning  software  and  ser¬ 
vices.  Verizon  Business  will  provide  customers 
with  consulting  services,  such  as  business  im¬ 
pact  analyses,  gap  analyses,  strategy  workshops, 
asset  inventory  development  and  vulnerability 
assessments,  while  Strohl's  business  continuity 
planners  will  work  with  customers  to  develop 
contingency  plans  to  keep  business  operations 
functioning  and  employees,  customers  and  suppli¬ 
ers  connected,  Verizon  Business  says. 

Another  service  is  the  Resilient  Network 
Attached  Storage  (RNAS)  solution.  It  targets 
large  organizations  with  branch  offices  or  other 
remote  locations,  and  is  designed  to  improve  the 
performance  of  storage  applications  and  WAN 
infrastructure.  RNAS  combines  network  trans¬ 
port  and  access  from  Verizon  Business,  network- 
attached  storage  platforms  and  software  from 
EMC,  and  network  equipment  from  Cisco. 

RNAS  provides  remote  offices  with  dedicated, 
on-site  file  storage  and  sharing  capabilities,  while 
centralizing  file  management,  security  and  busi¬ 
ness-recovery  functions.  RNAS  helps  ensure  files 
are  accessible  anytime  by  staff  working  outside 
the  main  office,  Verizon  Business  says. 

RNAS  and  Strohl  Systems  join  existing  Verizon 
Business  services,  such  as  managed  security  and 
storage  offerings  unveiled  last  year  (www.nwdoc 
finder.com/3457),  to  fill  out  the  business  resiliency 
portfolio.  Verizon  Business  plans  to  introduce 
additional  business  continuity  services  targeted 
at  collaboration,  mobility  and  supply-chain  man¬ 
agement  throughout  the  year. 

The  carrier  will  face  competition  in  this  market 
from  systems  integrators,  specialized  service 
providers  and  traditional  carriers  such  as  AT&T, 
which  demonstrated  its  mobile  disaster-recovery 
capabilities  atTelecomNext  earlier  this  year. 

—  Jim  Duffy 


BY  DENISE  PAPPALARDO 

Verizon  Business  this  week  will 
launch  a  comprehensive  tele¬ 
com  expense  management  ser¬ 
vice,  the  first  such  offering  from  a 
major  carrier. 

The  Verizon  Business  Integrated 
Telecom  Expense  Management 
Service  is  a  suite  of  managed  ser¬ 
vices  that  let  corporate  and  gov¬ 
ernment  customers  monitor,  ana¬ 
lyze  and  track  telecom  service 
expenses  for  their  wireline  and 
wireless  services.  The  TEM  ser¬ 
vice  lets  users  track  circuits, WAN 
routers,  wireless  rate  plans  and 
handheld  devices. 

“Enterprise  users  are  expected 


Verizon’s  TEM 

Verizon  Business  is 
launching  the  first  telecom 
expense  management 
service  from  a  carrier. 

It  includes: 

For  wireline: 

•  Inventory  asset  tracking  (lines, 
circuits,  gear) 

•  Contract  administration 

•  Invoice  auditing 

•  Dispute  resolution 
For  wireless: 

•  Procurement 

•  Rate  plan  analysis 

•  Fraudulent-usage  analysis 

•  Invoice  processing 

•  Asset  tracking  (handheld  devices) 

to  spend  $550  million  on  tele¬ 
com  expense  management  tools 
and  services  this  year,”  says  Eric 
Goodness,  vice  president  of 
research  for  Gartners  managed 
and  professional  network  ser¬ 
vices  organization. 

That’s  $105  million  more  than 
was  spent  in  2005,  so  customers 
are  willing  to  spend  to  save.  But 
will  they  be  willing  to  buy  such 
tools  from  one  of  the  carriers  be¬ 
hind  those  cumbersome  and 
often  incorrect  bills? 

Some  users  seem  skeptical,  but 
Vbrizon  Business  is  giving  it  a  try 
Verizon  is  using  different  plat¬ 
forms  to  track  wireline  and  wire¬ 
less  services. 

“No  other  carrier  has  made  a 
formal  announcement  about  a 


discrete,  focused  market  offer  for 
multicarrier  TEM  services,”  Good¬ 
ness  says.  “It’s  a  very  powerful 
offer!’ 

Verizon  has  teamed  with  Sym¬ 
phony  Services,  which  has  devel¬ 
oped  an  analytical  software  plat¬ 
form  to  track  wireline  services 
from  a  number  of  service  pro¬ 
viders.  The  tool  keeps  track  of 
lines,  circuits,  customer  premise 
equipment  and  WAN  gear.  The 
platform  lets  Verizon  provide  in¬ 
ventory  asset  tracking,  contract 
administration  and  bill  auditing. 

That  means  that  Verizon 
Business,  on  behalf  of  its  cus¬ 
tomers,  will  review  all  telecom  in¬ 
voices  and  note  any  errors.  When 
asked  what  happens  when  errors 
are  discovered  on  Verizon  bills, 
the  carrier  says  they  will  be  dealt 
with  the  same  way  as  if  they  were 
found  on  any  other  carrier’s  bill. 

“We’re  trying  to  take  a  nonpar¬ 
tisan  view  and  treating  Verizon 
Business  no  differently  than  any 
other  vendor  so  we  don’t  get 
into  a  ‘fox  watching  the  hen¬ 
house’  scenario,”  says  Cliff 
Cibelli,  group  manager  of  man¬ 
aged  network  services. 

And  like  many  telecom  bill 
auditing  firms,  Verizon  Business 
will  provide  dispute  resolution 
and  remediation,  the  latter  as  an 
add-on  service  for  customers. 

Verizon  Business  customer 
Euler  Hermes,  the  global  credit  in¬ 
surer,  says  it  is  not  interested  in 
TEM  services  from  any  carrier. 

“We  want  to  be  in  control,”  says 
Dave  Kozlowski,  vice  president  of 
technical  services  for  Euler 
Hermes’  North  American  arm  in 
Owing  Mills,  Md.“We  don’t  want  to 
have  to  rely  on  a  vendor!’ 

Euler  Hermes  is  not  the  only 
customer  that  would  question 
handing  over  its  TEM  to  one  of 
the  largest  telecom  services 
providers  in  the  United  States.  So 
why  would  an  enterprise  cus¬ 
tomer  select  Verizon’s  service 
over  any  of  the  other  90  or  so 
TEM  vendor  offerings?  Verizon’s 
Cibelli  says  it’s  because  the  carri¬ 
er  has  been  doing  bill  auditing 
and  TEM  services  on  a  case-by¬ 
case  basis  for  its  largest  outsourc¬ 
ing  customers  for  years.This  work 
stems  from  the  legacy  MCI  side  of 
the  house. 

Gartner’s  Goodness  points  to 


two  other  reasons  why  customers 
may  select  a  carrier’s  offering  over 
an  independent  TEM  vendor.“A  lot 
of  very  large  enterprises  are  afraid 
of  putting  their  $300  million  tele¬ 
com  spend  in  the  hands  of  a  com¬ 
pany  that  only  generates  $5  to  $6 
million  a  year!*  he  says.  Verizon 
should  be  well-versed  on  how  to 
audit  telecom  bills  from  third- 
party  carriers,  he  says. 

Cibelli  says  Verizon  has  gone 
through  the  work  of  integrating 
multiple  platforms  that  address  all 
of  a  customer’s  wireline  and  wire¬ 
less  telecom  costs. 


The  carrier  is  working  with  a 
TEM  software  company  that  spe¬ 
cializes  in  monitoring  wireless 
services  and  devices,  but  did  not 
share  the  name  of  that  vendor.The 
wireless  platform  can  be  used  to 
procure  new  wireless  services 
and  devices  based  on  any  num¬ 
ber  of  wireless  service  contracts  a 
customer  may  have. 

The  software  tool  also  will  let 
customers  compare  their  wireless 
contracts  against  a  database  of 
35,000  national  plans. 

Verizon  has  integrated  these  two 
platforms  so  customers  can  use  a 


single  portal  to  view  information 
from  both  systems.The  integration 
lets  the  two  platforms  share  infor¬ 
mation  so  customers  can  calcu¬ 
late  total  telecom  cost  and  total 
departmental  charge-backs. 

Verizon’s  Cibelli  says  the  cost  of 
its  Integrated  Telecom  Expense 
Management  Service  depends 
on  the  number  of  elements  that 
are  managed,  and  the  prices  are 
different  for  wireline  and  wire¬ 
less  elements.  In  general,  that 
would  amount  to  between  .75% 
and  1.5%  of  a  customer’s  annual 
telecom  spend,  he  says.  ■ 
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Oracle  platform  targets  security 


Integration  project 

Oracle  faces  an  integration  chore  just  like  other  vendors  that 
built  identity  management  suites  through  acquisition.  Here  is 
a  look  at  the  components  Oracle  hopes  to  finally  build  in  to  a 
set  of  services  for  service-oriented  architectures. 


Identity  category 

Components 

Acquired 

Single  sign-on  and  Web 
access  control 

CorelD  Access  and  Identity 

Oblix  2005 

Directory  services 

Internet  Directory 

Virtual  Directory 

Directory  developed 
in-house;  Virtual 
Directory  from 
OctetString  2005 

Identity  administration 

CorelD  Access  and  Identity 

Oblix  2005 

Strong  authentication 

Certificate  Authority 
Security  Developer  Tools 

Developed  in-house 

User  provisioning 

Identity  Manager 

Thor  Technologies  2005 

Web  servies  access  control 

Web  Services  Manager 

Oblix/Confluent  2005 

Federated  identity 

CorelD  Federation 

Oblix  2005/Phaos  2004 

BY  JOHN  FONTANA 

Oracle  last  week  set  in  motion 
the  second  phase  of  its  multiyear, 
three-prong  plan  to  develop  an 
integrated  suite  of  identity  man¬ 
agement  software  using  the  piece 
parts  it  acquired  over  the  last  two 
years. 

The  suite’s  goal  is  to  offer  corpo¬ 
rations  everything  from  fine-tuned 
access  control  to  identity  federa¬ 
tion  with  partners  as  corporations 
address  security  and  compliance 
issues  by  building  identity  man¬ 
agement  infrastructures. 

Oracle  last  week  announced  the 
availability  of  Oracle  Identity 
Manager  lOg  R3,  the  provisioning 
software  that  is  one  part  of  the 
Oracle  Identity  Management 
suite.  Compliance  features  high¬ 
light  the  R3  software,  which  was 
acquired  last  year  along  with  Thor 
Technologies.  Provisioning  soft¬ 
ware  provides  a  platform  for  giv¬ 
ing  users  access  to  resources 
based  on  a  set  of  roles  and  rules 
and  an  audit  trail  for  who  has 
access  to  what  and  when. 
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Identity  Manager  R3  is  the  first  in 
a  series  of  software  releases  that 
will  continue  this  summer  when 
the  company  updates  its  federa¬ 
tion  software  (acquired  from 
Phaos  in  2004  and  Oblix  in  2005), 
its  access  management  software 
(Oblix  2005)  and  its  virtual  direc¬ 
tory  technology  (acquired  from 
OctetString  in  2005). 

Oracles  short-term  goal  is  to 
deliver  incremental  upgrades  to 
the  components  of  its  identity 
management  suite  but  the  ulti¬ 
mate  goal  is  to  align  all  the  soft¬ 
ware  under  a  common  architec¬ 
ture. 

“I’d  characterize  Oracle  as  hav¬ 
ing  established  communication 
among  these  components,  but  not 
yet  integration  and  functional 
rationalization,”  says  Jonathan 
Penn,  an  analyst  with  Forrester 
Research. 

Oracle  says  the  identity  integra¬ 
tion  task  will  take  another  leap 
forward  with  the  release  of  Oracle 
Identity  Management  11  some¬ 
time  next  year. 

Oracle  faces  the  same  chore  as 
many  other  vendors,  which  is 
tying  together  a  collection  of  soft¬ 
ware  garnered  through  acquisi¬ 
tion  into  an  identity  platform  with 


common  underpinnings  such  as 
a  single  workflow  engine. 

“Oracle  plans  to  be  out  front 
and  their  plan  is  clearly  to  be  a 
leader  in  this  marketplace,”  says 
Roberta  Witty,  an  analyst  with 
Gartner.  But  Witty  says  Oracle,  like 
many  others  such  as  BMC,  CA,  HP 
IBM  and  Sun,  has  bought  its  way 
into  the  identity  management  bat¬ 
tle.  “Who  is  to  say  if  any  one  of 
them  is  more  articulate  in  identity 
and  access  management  than  the 
other,”  Witty  says. 

After  last  year’s  flurry  of  consoli¬ 
dation  among  identity  vendors 
big  and  small,  analysts  agree  the 
next  few  years  will  test  if  the  ven¬ 
dors  can  create  integrated  identi¬ 
ty  suites.  Experts  say  vendors  will 
need  to  reengineer  their  software 
to  adapt  it  to  a  single,  common 
architecture. 

Oracle’s  plan,  according  to  com¬ 
pany  officials,  is  to  develop  its 
identity  into  a  slate  of  network  ser¬ 
vices. 

“We  are  looking  to  deliver  these 
services  built  on  a  [service-orient¬ 
ed  architecture]  platform,”  says 
Hasan  Rizvi,  vice  president  of 
Oracle  security  and  identity  man¬ 
agement  products. 

“If  you  see  the  way  that  cus¬ 


tomers  are  looking  to  consume 
identity  going  forward,  part  of  the 
broader  strategy  is  to  deliver  not 
so  much  an  integrated  suite  of 
technologies  but  a  set  of  services 
built  on  a  common  platform.  A 
platform  that  can  be  used  by 
application  developers  and  IT.” 
Rizvi  says  Oracle  plans  to  deliver 
this  in  2007.“We  think  that  will  be 
a  leapfrog  over  just  providing  an 


integrated  suite.” 

He  says  a  big  part  of  that  will  be 
standards  support.  Oracle  will  add 
support  this  summer  for  SAML 
2.0,  WS-Federation  and  Liberty 
Alliance’s  Identity  Federation 
Framework  to  its  identity  federa¬ 
tion  product  along  with  support 
for  the  Service  Provisioning 
Markup  Language  2.0  in  the  next 
release  of  Identity  Manager.  ■ 


WAN  optimization  market  continues  to  shrink 


WAN  acceleration  consolidation 

Companies  that  make  appliances  to  speed  up  transactions 
over  wide-area  networks  have  been  gobbling  each  other  up 
in  an  effort  to  get  a  complete  set  of  features. 


Juniper  buys  Peribit  for  $337  million 

April  2005 

Juniper  buys  Redline  for  $132  million 

April  2005 

Citrix  buys  NetScaler  for  $300  million 

June  2005 

F5  Networks  buys  Swan  Labs  for  $43  million 

September  2005 

Packeteer  buys  Tacit  Networks  for  S78  million 

May  2006 

Expand  Networks  to  buy  DiskSites  for  an  undisclosed  amount 

Pending 

BY  TIM  GREENE 

Customer  choice  in  the 
WAN  acceleration  area 
keeps  getting  smaller.  The 
trend  continued  last  week  as 
Expand  and  Packeteer  each 
announced  they  will  snap 
up  another  competitor. 

Expand  Networks  says  it  is 
buying  DiskSites,a  company 
that  makes  wide-area  file  ser¬ 
vices  (WAF'S)-enhancing 
gear  and  with  which  Ex¬ 
pand  already  had  a  reselling 
agreement. 

The  purchase  means  Ex¬ 
pand  customers  can  buy  combined 
Expand/DiskSites  products  at  half  the  price 
they  would  be  charged  under  the  OEM 
agreement,  says  Expand  President  Amir 
Chitayat. 

For  its  part,  Packeteer  is  buying  Tacit  Net¬ 
works’  Ishared  appliances  to  add  server 
consolidation  technology  to  Packeteer’s 
BacketShaper  WAN-optimization  products. 

Over  time,  Packeteer  says  it  will  make  new 
hardware  to  support  both  PacketShaper 


and  Ishared  software  so  customers  can  buy 
one  box  and  upgrade  it  as  needed. 

These  purchases  are  an  effort  to  catch  up 
with  other  WAN  acceleration  vendors  that 
offer  more  features,  says  Rob  Whiteley  an 
analyst  with  Forrester  Research.  He  says 
Riverbed  has  the  best  collection  of  features 
and  that  others  are  trying  to  keep  pace. 
Competitors  include  Certeon,  Cisco,  Citrix, 
Juniper,  Orbital  Data,  Silver  Peak  and 
Streamcore.  Four  other  companies  that  sold 


such  products  were  bought 
out  in  the  past  year  (see  time¬ 
line). 

This  class  of  device  is  gener¬ 
ally  deployed  in  pairs  at  both 
ends  of  WAN  connections. 
They  use  a  variety  of  technolo¬ 
gies  —  compression,  caching, 
application  acceleration,  TCP 
optimization  —  to  decrease 
the  number  of  bits  crossing 
the  WAN  and  to  improve  re¬ 
sponse  time  for  transactions. 
This  can  result  in  better  perfor¬ 
mance  and  cost  savings  by 
making  wide-area  circuits  act 
as  if  they  have  more  bandwidth  than  cus¬ 
tomers  are  paying  for. 

According  to  infonetics,  the  WAN  opti¬ 
mization  appliance  market  increased  49% 
worldwide  in  2005  to  $236  million.  Info¬ 
netics  forecasts  double-digit  annual  growth 
at  least  through  2009.  When  ranked  by  rev¬ 
enue  in  2005,  Packeteer  came  in  first,  fol¬ 
lowed  in  order  by  Expand,  Juniper  and 
Riverbed,  Infonetics  says. 

While  that  is  a  relatively  small  market.it  is 


growing  in  importance  because  it  is  bring¬ 
ing  about  server  consolidation,  says  Joel 
Conover,  an  analyst  with  Current  Analysis. 
As  businesses  pull  servers  from  branch 
offices  and  centralize  them  they  need  to  re¬ 
spond  to  complaints  from  workers  in 
branch  offices  who  find  accessing  servers 
over  the  WAN  unacceptably  slow,  he  says. 

He  says  it  is  essential  to  speed  up  these 
transactions  to  make  server  consolidation 
succeed. 

Customers  are  in  a  bind,  though,  Whiteley 
says.  Many  are  forced  to  buy  one  of  these 
products  to  fix  an  immediate  need.“lf  you 
spend  millions  of  dollars  on  an  SAP  rollout 
and  it’s  not  working,  then  a  $100,000  invest¬ 
ment  in  a  Riverbed  box  that  makes  it  work 
might  be  smart,”  he  says. 

But  network  vendors,  notably  Cisco  and 
possibly  Juniper.seem  intent  on  putting  this 
type  of  technology  in  routers  within  five 
years,  he  says.That  leaves  customers  uncer¬ 
tain  whether  to  buy  an  appliance  now,  hop¬ 
ing  they  will  evolve  to  meet  new  needs,  or 
wait  until  their  next  network  bandwidth 
upgrade  and  hope  that  fixes  the  problem, 
Whiteley  says.  ■ 
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Google's  corporate  play? 

Google  Enterprise  is  the  smallest  division  at  the  company  with  just  more  than  100  employees, 
and  represents  a  barely  recognizable  sliver  of  overall  revenue.  Its  only  formal  corporate  products 
are  various  flavors  of  the  Search  Appliance,  but  Google  has  some  ideas  that  could  bring  the 
division's  tools  into  an  organization  through  user  adoption. 


Software/service 

Features 

Enterprise  qualities 

Google  Desktop  4 

New  Gadgets  feature. 

Provides  opportunity  to  deliver  data  to  users  via  simple  applications. 

Writely 

Company  and  its  online  word  processor 
acquired  by  Google  earlier  this  year. 

Writely  had  been  developing  a  corporate  version  with  document, 
security  controls. 

Google  Co-op 

Social  networking  tool  for  organizing, 
sharing  links. 

Microsoft,  IBM/Lotus  developing  similar  tools  for  their 
collaboration  suites. 

Google  Notebook 

More  social  networking  to  capture  and 
share  online  research. 

Users  can  share  their  notes  with  others. 

OneBox 

Search  appliance  can  search  against 
corporate  repositories. 

Announced  partnerships  earlier  this  year  with  Cisco,  NetSuite, 
Oracle,  Salesforce.com,  among  others. 

Google 

continued  from  page  1 

they  are  going  to  have  to  continue 
investing  in  the  Google  Desktop 
and  Search  Appliance  to  keep 
competitive.” 

“Google  will  have  the  most  im¬ 
pact  on  small  businesses,”  he  says. 
“If  you  have  the  Search  Appliance 
suddenly  you  have  all  this  tooling 
around  it  [mail, calendaring, desk¬ 
top,  word  processor]  and  it  delays 
you  going  out  and  buying  a  col¬ 
laboration  platform.” 

Google’s  step-by-step  approach 
to  the  corporation  can  be  seen  in 
its  OneBox  for  Enterprise,  which 
was  introduced  last  month  as  a 
feature  of  Search  Appliance, 
which  is  Google’s  only  revenue¬ 
generating  enterprise  product. 

OneBox  has  been  used  for  years 
on  Google’s  consumer  search 
engine;  it  provides  specialized 
results  when  users  type  in  pack¬ 
age  tracking  numbers  or  key¬ 
words  such  as  “weather’’ 

Google  now  has  partnerships 
with  NetSuite,  Oracle  and 
Salesforce.com  so  users  can  get 
search  results  from  those  systems 
by  typing  in  a  query  such  as“quar¬ 


terly  sales  results.”  An  API  released 
as  part  of  Google’s  Enterprise 
Developer  program  lets  corporate 
developers  build  connectors  to 
other  systems. 

Google  hopes  to  use  the  same 
model  to  introduce  tools  that 
build  off  the  Search  Appliance. 

The  Gadgets  feature  of  Desktop 
is  beta  software  that  uses  Google 
search  capabilities  to  find  e-mail 
and  files  and  show  intranet  search 
results.  The  Desktop  also  is  the 


anchor  for  a  new  feature  called 
Sidebar,  which  provides  a  quick 
glance  at  personal  information 
and  a  list  of  Gadgets. 

Gadgets  are  mini  applications. 
Google  has  built  a  number  of 
them,  including  a  music  player, 
and  offers  an  API  so  users  can 
build  their  own. 

Apple  has  similar  features  in 
Mac  OS  X,and  Microsoft  has  a  fea¬ 
ture  also  called  Gadgets  that  will 
ship  with  Vista. 


“Gadgets  and  the  Sidebar  are  a 
way  to  deliver  functionality  to  the 
desktop,”  said  Matt  Glotzbach, 
senior  product  manager  for 
Google  Enterprise.  “You  can  have 
a  Gadget  that  delivers  corporate 
data  to  a  personal  homepage.” 

He  said  Google’s  consumer 
team  is  pushing  features,  but  the 
enterprise  team  is  driving  security 
and  IT  requirements.  “We  bring 
the  likes  of  Oracle  and  Salesforce. 
com  to  the  table,”  Glotzbach  said. 

It  was  the  corporate  team  that 
fostered  a  feature  in  Desktop 
that  lets  administrators  block  at 
the  network  level  the  “search 
across  computers”  feature, 
which  was  seen  as  a  security 
risk  by  many  IT  shops. 

Glotzbach  said  the  steps  into 
the  enterprise  continue  with 
Co-op,  which  can  be  combined 
with  OneBox  to  offer  more  rele¬ 
vant  search  results. 

Co-op  lets  users  associate  Web 
pages  with  their  given  area  of 
expertise  and  then  offer  those 
as  a  link  that  other  users  can 
subscribe  to  and  see  as  part  of 
their  search  results. 

Notebook,  which  like  the 
other  tools  is  beta  software,  lets 
users  cut  and  paste  text  and 
pictures  from  the  Web  into  a 
Notebook  window  on  the  desk¬ 
top.  Users  can  save  the 
Notebooks  or  share  them  with 
other  users. 

Marissa  Mayer,  Google’s  vice 
president  of  search  products 
and  user  experiences,  said  the 
Co-op  and  Notebook  tools  were 
the  company’s  first  foray  into 
social  search.  That  is  another 
area  where  Google  will  find 
competitors  are  building  simi¬ 
lar  social  networking  tools 
around  search  for  their  collabo¬ 
ration  platforms.® 


JavaOne  will  showcase  easier- 
to-use  development  tools 


BY  JENNIFER  MEARS  AND  JOHN  COX 

Sun’s  JavaOne  conference  this  week  is  expected 
to  highlight  the  vendor’s  growing  embrace  of 
open  source,  as  well  as  its  move  to  make  Java- 
based  applications  easier  to  deploy  and  integrate 
with  legacy  systems. 

Sun  plans  several  announcements  at  the  show, 
including  the  release  of  Java  Enterprise  Edition  5, 
which  it  previewed  earlier  this  month.  The  newest 
version  of  the  Java  specification  brings  streamlined, 
easier-to-use  development  tools  to  companies  want¬ 
ing  to  make  greater  use  of  Java-based  applications, 
according  to  Joe  Keller,  vice  president  of  marketing 
for  service-oriented  architecture  (SOA)  and  integra¬ 
tion  platform',  at  Sun. 

That  means  it  will  be  easier  to  get  Java-based  appli¬ 
cations  up. That’s  good  news  —  and  bad  news  —  for 
IT  managers,  industry'  experts  say 

“For  IT  managers  [updates  to  Java]  mean  that  soon 
they’ll  have  tools  which  will  make  their  teams  more 
productive  and  will  require  less  highly  skilled  pro¬ 
grammers  to  build  enterprise  Java  programs,”  says 
Bill  Roth,  vice  president  of  the  Workshop  Business 
Unit  at  BEA  Systems.“But  the  issue  becomes  how  to 
manage  those  applications." 

A  growing  interest  in  open  source  platforms  such 
as  Tomcat  and  JBoss,  as  well  as  open  source  Java 
frameworks  such  as  Eclipse  and  Struts,  also  could 


add  to  IT  managers’  headaches,  analysts  say  That’s 
because  as  open  source  becomes  a  larger  part  of 
Java  deployments,  there  are  questions  around  how 
to  manage  those  open  source  components. 

Vendors  are  addressing  the  issue.  BEA,  for  exam¬ 
ple,  is  updating  the  management  console  for  its 
WebLogic  application  server  to  manage  other 
platforms  better. 

IBM,  meanwhile,  is  expected  to  announce  a  pro¬ 
gram  that  will  make  it  easier  for  independent  soft¬ 
ware  vendors  to  write  applications  for  its  WebSphere 
Application  Server  Community  Edition,  built  on  the 
open  source  Apache  Geronimo  application  server. 
That  will  give  customers  more  pre-integrated  pack¬ 
ages  built  on  open  source,  IBM  says. 

In  addition  to  talk  about  managing  Java  in  mixed 
environments,  there  will  be  talk  at  the  conference 
about  the  use  of  Java  on  mobile  devices,  as  it  turns 
from  simply  supporting  games  and  other  “cool  trin¬ 
kets”  on  PDAs  and  smart-phones  to  becoming  a  plat¬ 
form  for  enterprise  applications,  says  Reder  Ulander, 
vice  president  of  marketing  for  Sun  software. 

Sun  expects  about  14,000  developers  to  attend 
JavaOne,  which  is  at  the  Moscone  Center  in  San  Fran¬ 
cisco,  about  the  same  number  as  last  year,  Ulander 
says.  In  addition  to  newly  appointed  Sun  CEO 
Jonathan  Schwartz,  executives  from  BEA,  IBM,  Oracle 
and  Motorola  will  be  giving  keynote  addresses.® 
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Communication  is  much  easier  now  with  Shore 


unified  messaging  and  call  handling  features.  ^ 


Customers  and  employees  can  find  the  right  p< 
in  each  branch  quickly  and  simply — and  adding  new 
users  and  locations  takes  less  than  a  minute.  We 
just  opened  a  new  branch  a  few  months  after  the 
system  was  installed — and  adding  that  branch 

onto  the  system  was  painless" 
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Relief,  please 

Financial  Executives  International  asked  274  companies  how  the 
implementation  of  Sarbanes-Oxley  Section  404  could  be  made 
efficient  or  effective. These  are  theirtop  recommendations: 

•  Reduce  the  degree  of  documentation  (67%)  

•  Permit  greater  reliance  on  internal  audit  data  and  resources  (66%) 

•  Permit  roll-forward  procedures  (58%) 

•  Clarify  the  definition  of  "key  controls"  (55%) 

•  Allow  cumulative  reliance  on  the  first  year's  testing  and  documentation  (53%) 


SOX 

continued  from  page  1 

“The  Sarbanes-Oxley  Act  was  a 
critical  step  in  addressing  an 
unprecedented  string  of  corpo¬ 
rate  scandals  that  were  rooted  in 
very  serious  governance,  account¬ 
ing  and  audit  failures,”  said  SEC 
Chairman  Christopher  Cox  in  his 
opening  remarks.  Section  404  has 
the  potential  to  improve  the  accu¬ 
racy  and  reliability  of  financial 
reporting,  but  only  if  it’s  imple¬ 
mented  properly  Cox  said.  “In 
practice,  it  hasn’t  always  worked 
out  that  way 

Bill  Gradison,  acting  chairman 
of  the  PCAOB,  added  that  guid¬ 
ance  the  SEC  issued  last  year 
and  PCAOB’s  latest  auditing 
standard  may  not  be  enough  to 
clarify  the  rules  that  govern  the 
reporting  and  auditing  of  inter¬ 
nal  controls.“Based  on  the  infor¬ 
mation  we  already  have,  it 
would  seem  that  some  further 
changes  may  be  in  order,” 
Gradison  said. 

Among  the  changes  panelists 
advocate  is  greater  latitude  for 
auditors  to  use  their  judgment  in 
determining  which  controls  are 
most  significant. 

Mary  Bush,  president  of  con¬ 
sulting  firm  Bush  International, 
said  there’s  a  need  for  guidance 
from  the  SEC  and  PCAOB 
around  the  areas  that  pose  the 
greatest  risk  to  accurate  financial 
reporting:“There  still  seems  to  be 
as  much  emphasis  placed  on 
low-level  process  controls  as 
there  is  on  controls  that  really 
have  a  risk  for  incorrect  financial 
reporting.” 

Several  panelists  agreed  that 
companies  and  audit  firms  need 
to  pare  back  the  number  of  con¬ 
trols  that  are  tested. 

Business  managers  at  British 
Petroleum  find  it’s  useful  to  iden¬ 
tify  document  and  test  the  effec¬ 
tiveness  of  internal  controls,  but 
balk  at  the  duplication  of  testing 
required  by  staff  and  internal  and 
external  auditors,  said  Keith 
Holmberg,vice  president  of  finan¬ 
cial  control  processes  at  the 
global  energy  company  All  that 
testing  starts  to  dilute  the  sense 
that  it’s  good  business  practice,  he 
said.  “For  us  that’s  probably  been 
the  biggest  area  of  frustration.” 

The  evaluation  of  IT-related  con¬ 
trols,  in  particular,  leaves  a  lot  to 
be  desired,  said  Susan  Gordon, 
corporate  controller  at  CBS.  Audit 
firms  today  tend  to  use  canned 
control  questionnaires,  not  tai¬ 


lored  for  specific  situations,  in 
evaluating  controls  rather  than 
taking  a  more  relevant,  risk-based 
approach  to  reviewing  IT  con¬ 
trols,  she  said. 

Adding  to  the  burden  at  CBS  is 
that  more  than  90%  of  its  IT  con¬ 
trols  are  manual.  Looking  ahead, 
Gordon  hopes  to  see  that  drop  to 
80%  in  2006.  As  new  applications 
and  systems  are  deployed,  IT  staff 
will  design  the  necessary  con¬ 
trols  from  the  start,  Gordon  said. 
“IS  and  IT  are  onboard  with  this, 
and  they  see  this  as  a  great 
opportunity  she  said. 

Stephen  Sherwin,  chairman  and 
CEO  of  biotech  firm  Cell  Genesys, 
said  the  topic  of  IT  controls  illus¬ 
trates  the  huge  burden  Section 
404  places  on  smaller  public  com¬ 
panies  —  including  his. 

“404  oversight  in  the  IT  area  is 
particularly  onerous  to  smaller 
companies,”  Sherwin  said.  “The 
problem  is  that  the  lack  of  ade¬ 
quate  staff  and  infrastructure 
forces  the  hand  of  the  smaller 
public  company  to  seek  outside 
consultative  support  to  carry  out 
the  necessary  testing.”  That 
expense  adds  up  to  “our  never 
having  any  confidence  that  the 
cost  requirement  of  implement¬ 
ing  these  regulations  as  they  are 
now  defined  will  go  down  over 
time,”  he  said. 

Sherwin  was  the  sole  CEO  of  a 
small  public  company  present  at 
the  roundtable,  but  he  wasn’t  the 
only  panelist  to  address  the  SOX 
burden  on  smaller  public  compa¬ 
nies,  which  have  to  begin  comply¬ 
ing  with  Section  404  next  year. 

An  SEC  advisory  committee  in 
April  recommended  establish¬ 
ing  a  scaled-back  regulation  for 
smaller  public  companies  that 
don’t  have  the  resources  to 
comply  with  Section  404 
requirements  in  their  current 
form.  But  panelists  pointed  out 
having  sound  internal  controls 
is  important  to  businesses  of  all 
sizes. 


The  legislation  requires  manage¬ 
ment  at  all  public  companies  to 
assess  their  internal  controls,  and 
all  public  companies  should  be 
held  up  to  that  requirement,  said 
Damon  Silvers,  associate  general 
counsel  of  the  AFL-CIO.  “On 
behalf  of  the  individuals,  the 
members  of  the  AFL-ClO’s  unions, 
we  would  not  want  any  of  them  to 
be  subject  to  a  pitch  to  buy  the 
stock  of  any  company  whose 
management  could  not  do  so,” 
Silver  said. 

In  addition,  large  businesses  are 
equally  interested  in  guidance 
that  might  alleviate  the  burden  of 
Section  404.  “If  you’re  going  to 
change  something  for  the  small 
businesses,  large  businesses  here 


would  like  to  hear  about  it  as  well,” 
said  Kimberly  Gavaletz,  a  vice 
president  at  Lockheed  Martin. 

Large  public  companies  know 
all  too  well  the  cost  of  compli¬ 
ance.  Financial  Executives 
International  (FEI)  surveyed 
274  public  companies  and 
found  average  compliance 
costs  were  about  $3.8  million  in 
fiscal  year  2005.  Companies 
spent  an  average  22,786  staff 
hours  internally  to  comply  with 
Section  404  in  2005. 

The  good  news  is,  companies 
with  two  years  of  compliance 
under  their  belts  reported  that 
costs  dropped  an  average  of  16%, 
said  Colleen  Cunningham,  presi¬ 
dent  and  CEO  of  FEI. 

But  that’s  not  always  the  case.GE 
spent  about  $33  million  on 
Section  404  compliance  in  2004, 
and  costs  ran  about  the  same  in 
2005, said  Philip  Ameen.vice  pres¬ 
ident  and  comptroller  at  GE. 

While  GE’s  tally  didn’t  decline, 
there  are  positive  outcomes  from 
the  legislation.  Two  years  of 
Section  404  compliance  has 
focused  the  company  on  the  con¬ 
trols  that  are  most  important  to  its 
reporting  processes,  Ameen  said. 
“Overall,  on  balance,  I  think  the 
management  team,  the  board  of 


directors  and  people  down  in 
trenches  doing  the  testing  are 
favorably  impressed  with  progress 
that  has  been  made  in  the  second 
year  of  404.” 

FEl’s  survey  tells  a  similar  story 
Among  respondents,  44%  said 
financial  reports  are  more  reliable, 
and  33%  agreed  that  compliance 
with  Section  404  has  helped  pre¬ 
vent  or  detect  fraud. 

But  is  that  enough?  No,  accord¬ 
ing  to  the  85%  of  FEI  survey 
respondents  who  believe  the 
costs  of  SOX  compliance  still  out¬ 
weigh  the  benefits. 

Despite  the  challenges,  not 
everyone  wants  to  see  the  rules  or 
guidance  related  to  Section  404 
altered,  given  the  disruption  it 
would  cause  to  ongoing  audits. 

J.  Michael  Cook  recommended 
changing  as  little  as  possible  and 
only  that  which  is  absolutely  nec¬ 
essary”  1  recognize  that  if  you  put 
out  more  guidance,  there  are 
going  to  be  10,000  or  15,000  peo¬ 
ple  in  a  large  number  of  firms 
that  are  going  to  have  to  be 
trained  in  it,  figure  out  what  it 
means,”  said  Cook,  who  is  audit 
committee  chairman  at  compa¬ 
nies  including  Burt’s  Bees, 
Comcast  and  Eli  Lilly.“Everything 
will  be  in  limbo  again.”B 


ShoreTel's  IP  PBX  upgrade 
targeted  at  smaller  offices 


BY  PHIL  HOCHMUTH 

ShoreTel  this  week  is  expected  to  launch  up¬ 
grades  to  its  IP  PBX  operating  system  and  phones, 
intended  to  make  its  enterprise-scale  VoIP  system 
emulate  small-office  key  telephone  systems  —  but 
with  an  IP  twist. 

Release  6. 1  of  ShoreTel’s  ShoreGear  IP  PBX  equip¬ 
ment  has  several  features  targeted  at  offices  with 
fewer  than  50  employees.  One  feature  is  the  ability  to 
ring  multiple  phones  through  a  single  inbound  num¬ 
ber,  a  familiar  function  of  retail-style  key  phone  sys¬ 
tems.  ShoreTel  also  is  launching  low-cost  IP  phones 
and  a  high-end  phone  with  Gigabit  Ethernet  and 
Fbwer  over  Ethernet  (FbE)  capabilities.The  new  gear 
could  help  small  shops  that  are  hesitant  to  dump 
their  familiar,  stable  key  phone  systems  move  to  VoIP 

ShoreTel’s  IP  PBX  gear  operates  in  a  distributed 
way;  ShoreTel’s  appliance  plugs  into  the  wiring  clos¬ 
et  LAN  switch  that  connects  users’  IP  phones.  The 
ShoreTel  boxes  provide  VoIP  call  control  and  fea¬ 
tures  via  the  Media  Gateway  Control  Protocol  and 
the  phones’  dial  plans,  and  connect  to  other 
ShoreTel  boxes  on  the  network  over  the  LAN  or 
WAN.  This  emulates  a  centralized,  large-scale  PBX, 
but  the  distributed  nature  of  the  system  provides 
redundancy,  ShoreTel  says. 

While  they  emulate  old  key  phone  systems,  Shore¬ 


Tel  says  its  products  offer  the  advantage  of  VoIP:  Calls 
can  be  routed  inexpensively  over  IP  WAN  connec¬ 
tions;  systems  can  be  centrally  managed  via  a  Web- 
based  console;  and  voice  integration,  messaging, 
presence  and  other  VoIP  applications  are  options. 

Smithco  Engineering,  a  manufacturer  of  industrial 
heating  and  cooling  systems,  uses  the  new  IP  212K 
phones  in  its  three  Tulsa,  Okla.,  locations. 

“The  ability  to  have  12  lines  displayed  on  the 
screen,”  is  a  nice  feature,  says  Randy  Adams,  systems 
analyst  with  the  company  This  lets  the  small  firm's  84 
employees  pick  up  incoming  calls  no  matter  where 
the  office  is  located. 

ShoreTel  also  is  launching  the  IP  212K  Key  System 
Telephone,  an  IP  phone  with  12  programmable  but¬ 
tons  and  eight  preprogrammed  function  keys:  trans¬ 
fer,  conference,  intercom,  redial,  voice  mail,  hold, 
options  and  directory.  It  has  two  10/lOOMbps  FbE 
ports,  speakerphone  and  LCD  screen.  Also  new  are 
the  IP  230  Staff  Telephone  (three  programmable  but¬ 
tons,  two  10/ 100Mbps  FbE  ports,  LCD  screen  and 
speakerphone)  and  the  IP  560g  Gigabit  Telephone 
(two  10/ 100/ 1000Mbps  FbE  ports,  six  program  keys, 
LCD  screen  and  speakerphone). 

ShoreTel  Release  6.1  is  a  free  upgrade  to  existing 
ShoreTel  customers.  The  IP  212K  phone  costs  $300, 
the  IP  230  costs  $260,  and  the  IP  560g  costs  $430.  ■ 
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Symantec  bids  to  be  data  center  ‘standard’ 


BY  ELLEN  MESSMER 

SAN  FRANCSICO  —  Symantec  execu¬ 
tives  used  their  Vision  2006  customer  con¬ 
ference  last  week  to  tout  the  breadth  of  the 
company’s  data  center  management  offer¬ 
ings  made  possible  by  last  year’s  acquisi¬ 
tion  of  Veritas  —  but  some  customers  and 
industry  analysts  said  they  still  see  gaps  in 
the  lineup. 

In  unveiling  new  storage  and  server  man¬ 
agement  products  under  its  Data  Center 
Foundation  label,  Symantec  is  in  an 
increasingly  strong  position  to  woo  cus¬ 
tomers  from  competitors  that  include  IBM, 
EMC,  HPCA  and  dozens  of  smaller  vendors 
specializing  in  storage  or  server  manage¬ 
ment  and  application  performance.  But 
Symantec’s  lack  of  products  to  support 
mainframes,  among  other  things,  weakens 
its  bid  for  dominion  over  the  data  center, 
observers  said.  Symantec  also  is  obfuscat¬ 
ing  the  meaning  of  “standard,”  the  word  it’s 
using  as  a  marketing  drumbeat, some  said. 

“When  we  talk  about  creating  a  standard, 
we  mean  the  ability  to  have  a  single  layer  of 
infrastructure  software  that  works  with 
everything," said  Kris  Hagerman, senior  vice 
president  in  Symantec’s  data  center  man¬ 
agement  group.  With  its  new  products, 
Hagerman  said  Symantec  is  in  a  position  to 
move  data  center  managers  toward  stan¬ 
dardization  based  on  Symantec. 

Symantec  CEO  John  Thompson  also 
sounded  the  theme  in  his  keynote  address 
to  the  3,500  conference  attendees,  saying 
“the  next  step  is  standardization  on  a  soft¬ 
ware  infrastructure  that  supports  every  plat¬ 
form  in  the  data  center’’ 

Some  analysts  pointed  out  Symantec’s 
use  of  the  word  “standard”  has  nothing  to 
do  with  any  formal  industry  standards  of 
any  kind  that  would  promote  interoper¬ 
ability.  Data  management  standards 
“remain  very  immature  at  this  point,”  said 
William  Hurley,  senior  analyst  at  Data 
Mobility  Group.  “By  standardization,  they 
[at  Symantec]  mean  in  the  sense  that 
Windows  and  Intel  became  a  de  facto 
standard.” 

And  though  focused  on  the  data  center, 
Symantec  had  nothing  to  say  about  the  role 
of  the  mainframe  because  it  has  no  main¬ 
frame  tools  nor  plans  for  any  Tad  Lebeck, 
vice  president  of  data  center  strategy  at 
Symantec, said  Symantec  has  no  interest  in 
mainframe  management,  especially 
because  vendors  such  as  IBM  already  play 
a  strong  role  there. 

Marketing  aside,  Symantec  does  have  a 
strong  story  to  tell  about  its  Veritas  software 
because  of  its  suite  for  centralized  manage¬ 
ment  of  storage-area  networks  and  servers, 
Hurley  said. 

“Veritas  has  been  ahead  of  the  curve 
because  of  the  breadth  and  class  of  its 
server  and  storage  foundation,”  Hurley  said. 


Competitors  Hitachi,  EMC, HP  and  IBM  also 
have  extensive  tools  suites,  but  they  tend  to 
be  more  hardware-centric,  though  that’s 
changing. 

While  most  of  the  Symantec  Data  Center 
Foundation  announcement  last  week 
entailed  rebranding  ofVeritas  products  into 
four  groupings  for  data  protection,  storage 
management,  server  management  and 
application  performance,  there  also  were 
new  product  additions. 

The  Storage  Foundation  Management 
Server,  expected  in  July  would  let  network 
managers  centralize  management  of  Unix, 
Linux  and  Windows  servers.  Another 
upcoming  product,  Storage  Foundation 
Basic,  is  at  the  heart  of  a  subset  of  the 
Management  Server  that  will  be  offered 
free  to  customers  if  they  forego  support. 
With  support,  Storage  Foundation  Basic 
would  cost  $98  per  CPU.  According  to 
Hagerman,  the  free  software  is  aimed  at  use 
on  edge-tier  Web  and  e-mail  servers. 

Symantec  acknowledged  its  bid  to  cap¬ 
ture  the  data  center  is  hampered  by  the 
complex, heterogeneous  nature  of  the  data- 
management  tools  often  in  place  today 

Outsourcing  provider  Electronic  Data 
Systems  (EDS)  manages  more  than  65,000 
servers  in  240  data  centers  worldwide.  Larry 
Lozen,  vice  president  of  data  center  ser¬ 
vices  at  EDS,  said  the  Symantec  Veritas  tools 
are  deployed  at  EDS  on  behalf  of  its  out¬ 
sourcing  clientele.  But  so  are  many  ven¬ 
dors’  data-management  products.“Today,  we 
have  one  of  everything,”  he  said. 

A  typical  contract  between  EDS  and  a 
customer  requires  the  customer  to  accept 
the  licensing  for  tools  EDS  has  selected, 
should  the  outsourcing  contract  end  for 
any  reason. 

EDS  does  want  more  homogeneity  in  its 
data  centers  and  will  seek  to  expand  use  of 
Symantec  Veritas  tools,  though  that 
wouldn’t  affect  what  EDS  does  with  its“mas- 
sive  amount”  of  mainframe  processing. 
Lozen  said  EDS  is  interested  in  expanding 
its  use  of  Symantec  tools  not  only  because 
they’re  high  quality  but  also  because 
Symantec  is  willing  to  work  with  EDS  to 
build  a“managerof  managers”to  unify  man¬ 
agement  of  multi-vendor  data-center  tools. 

“We  have  a  homegrown  one,  we’ve  done 
it  to  create  an  umbrella,  but  we  don’t  want 
to  do  this  on  our  own  anymore,”  Lozen  said. 

Another  Symantec  customer,  the  financial 
services  firm  State  Street  in  Boston,  also  is 
expanding  its  use  of  Veritas  backup  and 
management  products  as  it  migrates  from 
Solaris  to  A1X  and  Linux  in  its  data  centers. 

While  State  Street  regards  Symantec 
Veritas  as  its  preferred  vendor,  it  can’t  be  the 
only  data-management  player  in  its  data 
centers. 

Jason  Gregerman,  State  Street’s  vice  presi¬ 
dent  of  global  infrastructure  services, 


Americas  region, said  the  firm  relies  heavily 
on  its  mainframes, which  he  said  carry“15% 
of  the  world’s  assets  every  day!’ 

He  also  noted  that  so  far,  neither 
Symantec  nor  any  other  vendor  can 


achieve  what  Street  State  would  really  like: 
the  ability  to  replicate  data  asynchronously 
to  data  centers  as  far  away  as  1,500  miles 
without  extra  installations  or  worries  about 
loss  through  latency  ■ 
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Florida  Guardian  ad  Litem  Saw  the  Future  of  Child  Advocacy. 


Citrix  Provided  Access. 


-life 


“Custody  rulings.  Foster  care.  Adoptions.  Our  founding  vision  was  to  give  every  abused 
and  neglected  child  in  Florida  a  strong  advocate  in  court.  Two  years  later,  we’re  well  on 
our  way.  Today,  program  staff,  attorneys  and  over  5,000  volunteers  represent  more 
than  27,000  children.  Instead  of  information  in  file  drawers  scattered  all  over  the  state, 
Citrix  software  gives  advocates  secure  access  to  our  case  management  system  from 
anywhere.  Resources  are  precious,  so  we  must  apply  them  wisely,  not  waste  time 
chasing  data.  These  kids  depend  on  us.  That’s  why  we’re  depending  on  Citrix  to  take 
us  the  rest  of  the  way  to  advocate  for  every  Florida  child  in  need.  ” 


JOHNNY  C.  WHITE 
CIO 

Florida  Guardian  ad  Litem  Program 


©2006  Citrix  Systems,  Inc,  All  rights  reserved.  Citrix*  is  a  trademark  of  Citrix  Systems,  Inc. 
and/or  one  or  more  of  its  subsidiaries,  and  may  be  registered  in  the  United  States  Patent  and 
Trademark  Office  and  in  other  countries.  All  other  trademarks  and  registered  trademarks  are 

the  property  of  their  respective  owners. 


CITRIX 


Special  Advertising  Section 


Benchmarks 


Volume  5,  Issue  2 


2 


Mirapoint  Message  Server  emerges  as  attractive 
alternative  to  Microsoft  Outlook  for  enterprise  messaging 

Mirapoint  offering  delivers  full  functionalitiy  to  Outlook  clients  while  offering 
platform  and  security  advantages  over  Microsoft  Exchange 


3  Nortel  Ethernet  Routing  Switch  5000  Series  outclasses 
rivals  in  stack  performance  tests 

Nortel  solution  forwards  nearly  8X  more  frames  and  introduces  up  to  44%  less  latency  than  Cisco  and 
HP  solutions  tested 


Malicious  software  meets  its  match  with  Sana  Security's 
Primary  Response  SafeConnect 

Security  product  is  designed  to  identify  malware  based  on  specific  combinations  of  behaviors  exhibited  by  the  suspicious  programs 

BlueArc  Titan  2200  network  storage  system  excels  at  high  performance 

Titan  2200  delivers  average  sustained  throughput  of  up  to  718  MB/sec  from  a  single  Titan  when  handling  a 
mix  of  read/write  1/0  operations 

Modular  Nortel  DS3/T1  WAN  router  outclasses  Cisco  gear  in  throughput  tests 

Secure  Router  3120  demonstrates  wire-speed  performance  while  simultaneously  supporting  active  QoS,  ACL 
filters  and  NAT  services 


Nortel  Secure  Routers  demo  wire-speed  dominance  over  Cisco  WAN  routers 
for  branch  office  connectivity 

Secure  Routers  1002  and  1004  achieve  wire-speed  performance  for  most  packet 
sizes  tested  while  also  supporting  active  QoS,  IPSec  VPN  and  stateful  firewall 
services  over  T1  lines 


Tests  reveal  that  Wiresoft  Security 
Platform  hits  the  mark  for  SMBs 

Comprehensive  bundled  security  platform  addresses 
wide  range  of  SMB  security  requirements  without 
breaking  the  bank 


TOLLY 


Tolly  Benchmarks  is  a  regular  advertising  supplement  that  highlights  innovative  and 
compelling  technology  research  conducted  by  The  Tolly  Group,  the  industry's  leading 
independent  testing  and  strategic  consulting  organization  based  in  Boca  Raton,  FL.  For 
more  information  on  any  of  the  products  or  technologies  covered  here,  visit  The  Tolly 
Group's  Web  site  at  http://www.tolly.com. 

info@tolly.com  phone  (561)  391-5610  fax  (561)  391-5810 
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•  Installs  and  integrates  easily  into  an 
existing  Microsoft  Windows  2000/2003 
Server  and  Active  Directory  environment 

•  Offers  Outlook  synchronization  technology 
that  supports  native  Outlook  client  func¬ 
tionality 

•  Boasts  significant  features  that  add  to 
the  overall  system  reliability  and  stability, 
including  built-in  power  redundancy, 
support  for  RAID  disks  and  inclusion  of 
backup/restore  capabilities 


Mirapoint  Message 

Server  emerges  as  attractive 

alternative  to  Microsoft  Outlook 

for  enterprise  messaging 


Mirapoint,  Inc.  commissioned  The  Tolly 
Group  to  build  a  microcosm  of  an  enter¬ 
prise  E-mail  environment  and  validate 
specific  capabilities  of  the  vendor's 
Message  Server  appliance  related  to  its 
ability  to  provide  a  "drop  in"  replace¬ 
ment  to  Microsoft's  Exchange  E-mail 
application. 

This  hands-on  evaluation  proved  conclu¬ 
sively  that  Mirapoint's  Message  Server 
appliance  can  provide  a  viable  alterna¬ 
tive  to  Microsoft's  Windows-based 
Exchange  Server  mail  transport  applica¬ 
tion  providing  full  functionaiitiy  to 
Outlook  clients  via  Mirapoint's  Outlook 
SynQ  technology  while  offering  plat¬ 
form  and  security  advantages  over 
Microsoft  Exchange. 

Additionally,  Mirapoint's  browser-based 
client.  Corporate  Edition  WebMail, 
offers  a  seamless  transition  for  end 
users  familiar  with  Outlook  Web  Access 
(0WA).  Corporate  Edition  WebMail  sup¬ 
ports  features  like  shared  calendar  and 
folders,  compose  pop-up  windows  and 
auto-complete  addressing. 


as  an  application  installed  on  a 
general-purpose  Windows  server 
platform. 

Rather  than  having  its  owi 
duplicate  directory  for  system  users, 
Mirapoint's  Message  Server  appliance 
uses  Microsoft's  standard  Active 
Directory  application  programming  inter¬ 
face  (API)  to  communicate  with  an 
Active  Directory  server  to  fetch  and  store 
user  information.  This  integration  is  an 
essential  element  of  the  "plug-and-play- 
compatibility"  of  the  Mirapoint  solution. 

From  an  E-mail  perspective,  all  of  the 
critical  functions  of  the  Outlook  client 
work  the  same  when  communicating  with 
Mirapoint's  mail  hub  as  they  do  when 
communicating  with  a  Microsoft  Ex¬ 
change  Server  system. 

For  Web-based  users,  Mirapoint's 
Corporate  Edition  WebMail  interface 
provides  browser-based  access  that 
matches  that  offered  by  Microsoft's 
Outlook  Web  Access  client. 


into  its  appliance  to  provide  an  overall 
secure  messaging  infrastructure. 


Aside  from  the  myriad  software  features 
aimed  at  increasing  uptime  at  the  applica¬ 
tion  level,  Mirapoint  boasts  significant 
lower-level  features  that  add  to  the  over¬ 
all  system  reliability  and  stability. 

Since  Mirapoint's  system  comes  with  disks 
configured  with  RAID  (redundant  array  of 
independent  disks),  it  eliminates  the  possi¬ 
bility  that  a  hardware  error  with  a  single 
disk  can  cause  the  system  to  fail.  The  sys¬ 
tem's  OS  is  built  on  a  Unix  core,  which  is 
generally  acknowledged  by  security  ana¬ 
lysts  to  be  a  far  more  solid,  less  "hackable" 
core  than  the  Windows  2003  Server  core 
upon  which  Microsoft  Exchange  runs. 
Furthermore,  Mirapoint  offers  backup/ 
restore  capabilities  to  minimize  data  loss  in 
the  case  of  an  unplanned  outage. 


Special  Advertising  Section 


Tests  show  that  Mirapoint's  Message 
Server  appliance  is  easily  installed  and 
integrated  into  an  existing  Microsoft 
Windows  2000/2003  Server  and  Active 
Directory  environment.  Its  appliance 
implementation  provides  far  greater  relia¬ 
bility  and  robustness  than  Microsoft 
Exchange  which  is  typically  implemented 


In  addition,  Mirapoint  integrates  addi¬ 
tional  features  like  multi-layered  anti¬ 
spam,  anti-virus  and  content  filtering 


^  MIRAPOINT* 
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Nortel  Ethernet  Routing 

Switch  5000  Series 

outclasses  rivals  in  stack 
performance  tests 

Nortel  commissioned  The  Tolly  Group  to  evaluate  the  Layer  2  switching 
performance,  resiliency  and  ease  of  use  delivered  by  the  company's  stack- 
able  Ethernet  Routing  Switch  5000  series  of  switches. 


The  Nortel  Ethernet  Routing  Switch  5000  series  of  stack- 
able  switches  tested  include  24-  and  48-port  versions  of 
5510,  5520  and  5530  models  —  single  rack-unit  stack- 
able  Gigabit  Ethernet  (GbE)  Layer  3  routing  switches 
designed  to  provide  high-density  GbE  desktop  connectivity 
to  mid  and  large  enterprise  customers'  wiring  closets. 

Engineers  measured  the  performance  and  resiliency  charac¬ 
teristics  of  the  Ethernet  Routing  Switch  5000  series  switch¬ 
es  against  Cisco  Systems,  Inc.  Catalyst  3750G  switches  and 
Hewlett-Packard  Co.  ProCurve  3400cl  switches. 

Layer  2  performance  tests  on  the  DUTs  in  an  eight-switch 
stack  revealed  that  the  Nortel  switches  consistently  out¬ 
performed  the  Cisco  Catalyst  3750G  and  HP  ProCurve 
3400cl  switches  while  handling  line-rate  traffic  of  64-, 
512-  and  1,518-byte  frames  across  the  202  ports  in  the 
stack.  Nortel's  switch  stack  achieved  frame  forwarding 
rates  in  excess  of  300  million  frames  per  second  (fps)  for 
64-byte  frames  versus  171  million  fps  for  HP's  ProCurve 
3400cl  and  just  38  million  fps  for  Cisco's  Catalyst  3750G. 


Zero-loss  (<  0.001%)  Aggregate  Layer  2  Throughput 

of  Ethernet  Routing  Switch  5510-48T  in  an 
Eight-switch  Stack  Configuration  (320  GbE  ports) 

as  Reported  by  SmartBits  SmartFlow  4.60 


64  128  256  512  1,024  1,280  1,518 

For  more  information,  go  to  Ethernet  frame  size  (bytes) 

http://www.norlel.com  Switching  capacity  Throughput 


In  standalone  switch  tests,  results  show  that  both  Nortel  and  HP  switch¬ 
es  achieved  100%  of  the  maximum  theoretical  throughput  while  handling 
Layer  2  test  traffic  consisting  of  64-,  512-  and  1,518-byte  frames  trans¬ 
mitted  across  48  ports  in  a  port-to-port  configuration.  Cisco  could  only 


•  Achieves  line-rate  performance  of  202  Gbps  frame-forwarding 
in  an  eight-unit  stack,  while  Cisco  and  HP  switches  support 
only  25.7  Gbps  and  114.7  Gbps  respectively 


win 


•  Recovers  from  link  and  switch  outages  almost  10X  faster  using 
Nortel's  SMLT  implementation  than  the  RSTP  implementation 
in  the  Cisco  Catalyst  and  HP  ProCurve  solutions  tested 

I 
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achieve  throughput  of  55%  of  the  theoretical  maximum  for  64-byte 
frames,  61%  for  512-byte  frames  and  62%  for  1,518-byte  frames. 

A  probe  of  failover  capabilities  shows  that  Nortel's  Ethernet  Routing 
Switch  8600  and  5530  solution  using  SMLT  demonstrated  the  fastest  net¬ 
work  failover  time  in  the  event  of  a  link  or  switch  failure.  Nortel's  solution 
using  Split  Multi-Link  Trunking  failed-over  in  0.5  seconds  while  Cisco's 
solution  took  1.7  seconds  and  HP's  solution  took  3.1  seconds. 

Engineers  also  examined  the  relative  ease  of  use  of  all  devices  tested.  Nortel's 
test  bed,  consisting  of  two  Ethernet  Routing  Switch  5530  access  switches 
and  two  Ethernet  Routing  Switch  8600  core  switches,  required  a  total  of  60 
commands  to  configure  SMLT.  HP's  test  bed,  consisting  of  two  ProCurve 
3400cl  access  switches  and  two  ProCurve  9300  core  switches,  needed  102 
commands  to  configure  RSTR  Cisco's  test  bed  consisting  of  two  Catalyst 
3750G  access  switches  and  two  Catalyst  6500  core  switches  needed  1 56 
commands  to  configure  RSTP. 


Shows  ease  of  use  by  requiring  only  60  CLI  commands  in  a  four- 
switch  SMLT  scenario,  while  RSTP  solutions  tested  require  1 56 
and  102  commands,  respectively 


View  the  full  report  at: 

http://www.tolly.com/DocDetail.aspx?DocNumber=206106 
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Malicious  software  meets  its  match  with 

the  behavioral  detection  of  Sana  Security's 

Primary  Response  SafeConnect 


Sana  Security,  Inc.  commissioned  The 
Tolly  Group  to  evaluate  its  Primary 
Response  SafeConnect,  a  software  pro¬ 
gram  designed  for  Windows-based  oper¬ 
ating  systems  (2000,  XP)  to  detect  and 
remove  malicious  programs. 

Unlike  traditional  intrusion  prevention 
systems,  this  product  is  designed  to 
identify  malware  based  on  specific  com¬ 
binations  of  behaviors  exhibited  by  the 
suspicious  programs,  such  as  writing  to 
the  registry,  surviving  reboots,  executing 
from  the  Windows  directory,  double  file 
extensions,  and/or  hidden  processes. 

Primary  Response  SafeConnect  detec¬ 
ted  and  removed  100%  -  all  4,280  - 
of  the  malware  programs  to  which  it 
was  exposed.  The  test  results  conclu¬ 
sively  demonstrate  that  the  program 
successfully  accomplished  its  main 
objective  —  identifying  and  removing 
programs  showing  signs  of  suspicious 
behavior,  such  as  trojans,  rootkits, 
spyware,  adware  and  more. 


Sponsor:  Sana  Security,  Inc. 


Detects  100%  (4,280  out  of  4,280)  malware  threats  from  infected  URLs 
providing  constant  protection  against  malware 


•  Evaluates  real-time  behavior  of  programs  to  instantly  determine  if  malwa 
does  not  rely  on  time-intensive  signature  scanning 


•  Eliminates  need  for  costly  and  time-consuming  patches  and  signature 
updates  as  new  malware  is  introduced 


I 


Captures  and  removes  affected  programs  from  computer,  allowing  users  to 
quarantine  or  allow  programs  as  necessary 


Document  number:  206125 


Product  class: 

•  Intrusion  Prevention  System 


Products  under  test: 

•  Primary  Response  SafeConnect  SW 
Ver.  2.0.0.588 

11B3H 

For  more  inf  o  on  this  test  visit 

•  httpj/www^anasacu  rity.com 


Engineers  also  measured  the  CPU  uti¬ 
lization  and  memory  utilization  of 
Primary  Response  SafeConnect  during 
peak  program  usage.  The  total  CPU 
utilization  of  the  three  program  compo¬ 
nents  was  less  than  5%  of  total  CPU, 
indicating  that  Primary  Response 
SafeConnect  required  a  very  low  CPU 
usage  level  to  function  effectively.  Of 
the  4.95%  of  the  total  CPU  utilization, 
0.016%  was  used  by  SafeConnect.exe, 
4.93%  was  used  by  Agent.exe,  and 
0.003%  was  used  by  Monitor.exe. 

Results  were  similar  for  measuring 
physical  memory  utilization  required  by 
Primary  Response  SafeConnect.  Safe¬ 
Connect.exe  required  19.3  MB  of 
memory,  SanaAgent.exe  required  30.6 
MB  and  Monitor.exe  required  0.9  MB 
for  a  total  of  50.8  MB  of  physical 
memory  required  to  operate  the  pro¬ 
gram.  This  equated  to  approximately 
6%  of  the  768  MB  of  RAM  installed  on 
the  machine  during  peak  usage  when 
malware  was  removed.  Sana  Security 
says  memory  utilization  often  is  lower 
during  normal  day-to-day  operations. 


2  Sana  Security. 


Sana  Security 

Primary  Response  SafeConnect 
Features  and  Product  Specifications* 

Features 

•  Comprehensive  protection  against  many 
different  attacks  in  a  single  solution 

•  Instant  detection  and  removal  of  malicious 
software  in  real-time  without  scanning 

•  Constant  protection  that  is  always  up-to- 
date  without  requiring  signature  updates 

•  Complete  removal 

Product  Specifications 

•  Windows  2000,  XP  (Home  and  Pro), 
Media  Center  2005 

•  Pentium  III  processor  running  a  minimum 
of  600  MHz 

•  Memory:  256  MB  of  RAM 

•  Disk  space:  50  MB 

•  Internet  Explorer  5.5  or  later 

For  more  information  contact: 

Sana  Security,  Inc. 

2121  South  El  Camino  Real,  Suite  700 

San  Mateo,  CA 

Phone:  (650)292-7100 

Fax:  (650)  292-7110 

URL:  http://www.sanasecurity.com 

*  Vendor-supplied  information  not  verified  by 
The  Tolly  Group 


Sponsor:  BlueArc  Corp. 


Document  number:  206132 


For  more  info  on  this  test,  visit: 

•  http://www.bluearc.com 


BlueArc  Titan  2200 

network  storage  system 

excels  at  hig: 
performance 


•  Delivers  average  sustained  throughput  of  718  MB/sec  from  a  single  Titan  when  handling  a  mix  of  read/write  I/O  operations 
from  48  clients  to  disk 

•  Achieves  sustained  read  throughput  of  656  MB/sec  to  a  single  Titan,  when  handling  read  operations'from  48  clients  through 
to  disk,  not  from  cache 

•  Sustains  write  throughput  of  450  MB/sec  on  average  to  a  single  Titan,  when  handling  writes  from  48  clients  to  disk 

•  For  higher  throughput,  clustering  is  supported  with  global  name  space  and  will  be  tested  in  a  separate  report 


BlueArc  Corp.  commissioned  The  Tolly  Group  to  exam¬ 
ine  the  performance  of  the  company’s  Titan  2200,  a 
network-attached  storage  (NAS)  solution  that  the 
company  claims  is  the  fastest  system  on  the  market 
and  also  the  most  scalable,  able  to  consolidate  and 
manage  up  to  512  terabytes  of  data  in  a  single 
storage  pool. 


BlueArc  Titan  2200 

Single-Node  Throughput  Performance  (MB  per  second) 

as  reported  by  lOZone  3.257 


Tolly  Group  engineers  focused  tests  on  the 
average  throughput  of  a  single  Titan  2200  node 
handling  1/0  requests  between  48  client  PCs.  The 
back-end  SAN  storage  was  comprised  of  multiple 
Engenio  2882  storage  systems,  consolidated  into 
a  single  virtual  storage  pool  and  name  space. 
Throughput  was  measured  for  a  variety  of  read, 
write  and  mixed  read/write  operations. 

Tests  show  that  a  single  Titan  2200  can  deliver  uniform 
performance  even  as  NFS  record  sizes  accessed  by 
cfents  increase  from  4K  bytes  to  64K  bytes. 

When  handling  random  read/write  operations,  the 
Titan  2200  delivered  an  average  of  718  MB/sec 
of  sustained  throughput  to  disk  over  the  six  bond¬ 
ed  1-Gbps  Ethernet  connections  tested. 

Tolly  Group  engineers  looked  at  write  operations  and 
found  that  the  Titan  2200  sustained  throughput  of 
460  MB/sec  on  average.  For  read  operations,  the 
Titan  2200  delivered  656  MB/sec  of  average  sus¬ 
tained  throughput  to  disk. 


4  KB 


8  KB 


Initial  write 


32  KB 

Record  size 


64  KB 


Initial  read 


Random  Write  and  Read 
(70%  Write -30%  Read) 


The  BlueArc  Titan  architecture  is  massively  paral¬ 
lel.  It  can  do  many  things  concurrently  at  wire 
speed.  BlueArc  explains  that  this  is  possible 
because  the  Titan  2200  employs  12  high-density 
field-programmable  gate  arrays  (FPGAs)  with  up  to 
32  gigabytes  of  distributed  memory,  dual  pipelines, 
hardware-based  operating  system,  and  file  systems 
creating  a  high-performance  parallel  design.  The 
Titan  2200  architecture  is  optimized  for  data  move¬ 
ment  and  implementing  advanced  features  at  wire 
speed,  according  to  the  company. 

Tests  show  that  the  Titan  2200  can  support  signifi¬ 
cant  numbers  of  connections,  meaning  users  can 
have  a  lot  of  application  tiers  contending  for  atten¬ 
tion  at  the  same  time  with  no  degradation  in 
throughput  or  1/0.  This  performance 
profile  makes  it 


ideal  for  high  performance  applications  or  consolida¬ 
tion  of  multiple  network  storage  servers,  into  a  faster 
centralized  Titan  solution.  Titan  can  also  be  clustered 
for  HA  or  additional  throughput  and  can  also  handle 
high  transactional  loads  per  SPECsfs  results  on 
www.spec.org. 

BLUE-ARC8 


View  the  full  Test  Summary  at: 

http://www.tolly.com/DocDetail.aspx? 

DocNomher=206132 
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Benchmarks 


Nortel  Secure  Router  3120 

demonstrates  superior 

DS3/T1  throughput 


•  Secure  Router  3120  demonstrates  wire- 
speed  performance  while  simultaneous¬ 
ly  supporting  active  Quality  of  Service 
(QoS),  Access  Control  List  (ACL)  filters 
and  Network  Address  Translation  (NAT) 
services 

•  Delivers  more  than  double  the  through¬ 
put  of  the  Cisco  3825  and  as  much  as 
four  times  the  throughput  of  the  Cisco 
2821  when  tested  over  a  point-to-point 
DS3  link 

•  Outperforms  Cisco  2821  routers,  delivering 
more  than  4X  the  throughput  when  tested 
across  a  group  of  eight  point-to-point  T1 
connections 


Nortel  Secure  Router  3120  versus  Cisco  2821/Cisco  3825 
Full-Duplex,  1xDS3  PPP  WAN  Throughput 
Zero-Loss  Performance  with  QoS/ACl/NAT  Enabled 
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Wide-area  network  routers  that  aggregate  traffic 
from  many  remote  sites,  especially  across  DS3  or 
multiple  T1/E1  links,  must  be  able  to  deliver  high  throughput,  even  with 
Quality  of  Service  (QoS),  Network  Address  Translation  (NAT),  and  secu¬ 
rity  services  active  and  vying  for  processor  cycles. 

In  a  series  of  tests  commissioned  by  Nortel,  Tolly  Group  engineers 
measured  the  multilink  Point-to-Point  Protocol  (PPP) 
zero-loss  throughput  of  the  modu¬ 
lar  Nortel  Secure  Router  3120  I 
with  QoS,  NAT  and  Access  I 
Control  List  (ACL)  features  enabled. 


Tests  show  that  the  Nortel  Secure  Router  3120  delivers  superior 
throughput  for  the  majority  of  packet  sizes  tested,  especially  with 
regards  to  smaller  packet  sizes  (64  bytes  to  256  bytes),  generally  deliv¬ 
ering  from  2X  to  4X  greater  throughput  than  the  Cisco  Systems  3825 
Integrated  Services  Router  and  2821  Integrated  Services  Router  tested. 

When  tested  with  a  group  of  eight  TIs,  the  Nortel  Secure  Router  3120  out¬ 
performed  the  Cisco  2821  routers,  delivering  more  than  4X  the  throughput 
- 11.3  Mbps  aggregate  throughput  for  the  Secure  Router  3120  versus  just 
2.4  Mbps  for  the  Cisco  devices  when  tested  at  64-byte  frames. 

Testing  demonstrates  that  the  Nortel  Secure 
Router  3120  possesses  an  enormous 


128  256  512 

Packet  size  (Bytes) 

amount  of  processing  headroom  to  accommodate  network  services 
while  simultaneously  offering  wire-speed  throughput. 

In  addition  to  delivering  wire-speed  packet  processing,  tests  show  that 
the  Secure  Router  3120  has  the  horsepower  to  simultaneously  handle 
QoS,  ACL  and  NAT  processing.  In  head-to-head  testing,  the  Secure 

Router  3120  demonstrates  more 
than  double  the  throughput  of  the 
Cisco  3825  and  as  much  as  four 
times  the  throughput  of  the  Cisco 
2821  over  a  DS3  link.  In  a  multiple  T1  sce¬ 
nario,  the  Secure  Router  31 20  achieves  4X  more  throughput  than  the 
Cisco  2821. 


Document  number:  205146 


Product  class:  WAN  router 


Products  under  test: 


N0RTEL 

NETWORKS 


Nortel  Secure  Router  3120  OS  Ver  9.0/BootROM  Ver.  T1002  09120 
Cisco  Systems  3825  Integrated  Services  Router  OS  Ver. 
12.4.2T1|BootROM  Ver.  12.3(11r)T 
Cisco  Systems  2821  Integrated  Services  Router  OS  Ver. 
12.4.2T1/BootROM  Ver.  12.3(8r)T7 


Testing  window:  September  2005 


For  more  info  on  this  test,  visit:  http://www.nortel.com 

View  the  full  test  summary  at: 
http://www.tolly.com/DocDetail.aspx7DocNumber  -  2051 46 
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Nortel  Secure  Routers 

dominate  in  branch 

office  T1 

connectivity 

tests 


NCRm 


Nortel  commissioned  The  Tolly  Group  to  eval¬ 
uate  the  Nortel  Secure  Router  1004  and 
Secure  Router  1002  wide-area  network 
routers  with  integrated  network  services  such 
as  Quality  of  Service  (QoS),  IPSec  VPN  with 
on-board  hardware  acceleration,  stateful  fire¬ 
wall,  Network  Address  Translation  (NAT)  and 
Access  Control  Lists  (ACLs)  for  enterprises 
and  service  providers. 

Tolly  Group  engineers  measured  the  multilink 
Point-to-Point  Protocol  (MLPPP)  zero-loss 
throughput  of  the  Secure  Router  1004  against 
Cisco  2811  and  Cisco  2821  routers,  with  QoS, 
NAT  and  ACL  features  enabled  in  a  scenario 
with  multilink  PPP  traffic  riding  over  four  TIs. 

Tests  show  that  the  Secure  Routers  1004/1002 
can  deliver  wire-speed  throughput  at  most  pack- 


•  Secure  Router  1004  operated  at  or  near 
wire-speed  throughput  and  outperformed 
Cisco  2811  and  2821  routers,  delivering  6X 
and  2X  more  throughput  respectively,  while 
simultaneously  supporting  active  QoS,  ACL 
filters  and  NAT  over  four  T1  lines 


•  Secure  Routers  1002  and  1004  demon¬ 
strated  wire-speed  performance  for  most 
packet  sizes  tested  while  simultaneously 
supporting  active  QoS,  IPSec  VPN  and 
stateful  firewall  services  over  two  or  four 
T1  lines 


•  Secure  Router  1004  consistently  outper¬ 
formed  the  Cisco  2811  for  all  packet  sizes 
tested,  especially  at  smaller  packet  sizes, 
when  tested  across  four  TIs  with  QoS,  IPSec 
VPN  and  stateful  firewall  services,  delivering 
3X  more  throughput  than  its  counterpart 


•  Secure  Router  1002  achieved  wire-speed 
throughput  at  all  packet  sizes,  while  perform¬ 
ance  of  Cisco  2811  and  1 841  weaken  when 
handling  64- 128-  and  256  byte  packets  test¬ 
ed  across  two  TIs  with  QoS,  IPSec  VPN  and 
stateful  firewall  services 


For  more  info  on  this  test,  visit: 


et  sizes  tested,  while  simultaneously  processing 
a  combination  of  QoS,  NAT,  ACL  filters,  IPSec 
VPN  and  firewall  services. 

By  contrast,  tests  show  that  the  performance 
of  the  Cisco  1841/2811/2821  routers  sag  under 
the  processing  load,  especially  when  smaller, 
more  taxing  packet  sizes  come  into  play. 


Test  results  show  that  the  Secure  Routers  1004 
and  1002  deliver  superior  throughput  for  the 
majority  of  packet  sizes  tested,  especially  with 
regards  to  smaller  packet  sizes  (64  bytes  to  256 
bytes),  delivering  up  to  6.4X  greater  throughput 
than  the  Cisco  devices  tested. 

In  a  scenario  with  the  WAN  routers  supporting 
multilink  PPP  traffic  across  four  TIs,  the  Nortel 
Secure  Router  1004  delivered  zero-loss  aggre¬ 
gate  throughput  ranging  from  3.9  Mbps  at  64- 
byte  frames  to  6.2  Mbps  when  tested  at  512- 
byte  frames  with  QoS/VPN  and  firewall  services 
enabled.  By  contrast,  the  Cisco  2811  achieved 
throughput  ranging  from  1.1  Mbps  to  4.1  Mbps. 

In  a  scenario  with  WAN  routers  supporting  multi¬ 
link  PPP  traffic  across  two  TIs,  the  Nortel  Secure 
Router  1004  delivered  3.1  Mbps  across  the  range 
of  packet  sizes  tested.  By  contrast,  the  Cisco 
2811  and  Cisco  1841  routers  tested  achieved  an 
average  of  2  Mbps  and  1 .25  Mbps,  respectively. 
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•  Blocks  100%  of  spam  messages  by  employing  an  advanced 
challengefresponse  system  to  thwart  automated  messages 

•  Processes  3.6  Mbps  of  aggregate  throughput  while  simulta 
neously  scanning  for  viruses,  worms,  Trojans  and  other 
malicious  traffic 

•  Yields  24  Mbps  of  aggregate  throughput  over  a  VPN 
connection  between  two  locations  while  handling  1,400- 
byte  packets 

•  Supports  aggregate  throughput  of  171  Mbps  while  actively 
screening  traffic  in  firewall  mode 

•  Demonstrates  resiliency  to  service  outages  by  utilizing  a 
failover  port  to  cut  over  to  backup  DSL,  cable  or  dial-up 
connections 


Tests  reveal  tha 

Wiresoft  Security 
Platform  hits  th< 

mark  for  SMB: 


The  Tolly  Group  also  verified  the  Wiresoft  solu 
tion's  VPN  capabilities,  including  Point-toPoint 
Tunneling  Protocol  (PPTP)  and  IPSec  support 
for  VPN  connections.  Among  the  VPN  . 
findings,  tests  show  that  Sentry 
Security  Platform  sustains  up  to  24  Mbps  ^ 
of  zero-loss  throughput  across  a  single-tunnel 
configuration  supporting  IPSec  and  1,400-byte 
packets.  Further,  firewall  testing  revealed  that 
Sentry  Security  Platform  delivers  171  Mbps  of 
bidirectional  aggregate  throughput  when  handling 
1,518-byte  frames  in  firewall  mode. 


tative  maintenance 
on  other  Sentry  systems  on  the  Internet,  reliat 
ity  factors,  scalability  and  failover  features. 


A  hands-on  examination  of  Wiresoft  Net,  lnc.'s 
Sentry  Security  Platform  shows  that  the  bundled 
solution  for  small-to-medium  businesses  (SMBs) 
delivers  on  the  promise  of  business  continuity, 
increased  productivity,  self-maintaining  reliability, 
and  expandability  in  a  single  solution. 

The  dilemma  that  SMBs  face  today  is  that  the  IT 
market  abounds  with  supplier  after  supplier  that 
offer  point  solutions  for  security.  Yet  these  are 
not  practical  solutions  for  SMBs  since  buyers 
must  struggle  to  integrate  point  products  into 
existing  networks. 

Sentry  Security  Platform  bundles  a  variety  of 
security  services  including  transparent  virus 
scanning,  challenge  response  spam  blocking, 
stateful  packet  firewalling,  VPN  services  (PPTP 
and  IPSec)  and  more. 


The  hands-on  evaluation  also  examined  a  number 
of  important  features,  such  as  simplified  setup, 
a  monitored  service  offering  to  perform  preven- 


The  Sentry  Security  Platform's  feature/functii 
packaging  for  SMBs  thoroughly  impressed  To 
Group  engineers. 


Effectiveness  of  Sentry  Security  Platform  at  Blocking  Spam 


Tolly  Group  tests  show  that  Sentry  Security 
Platform  blocked  100%  of  the  spam  messages  it 
encountered,  and  delivered  100%  of  the  legiti¬ 
mate  mail.  The  Tolly  Group  also  tested  Sentry 
Security  Platform's  ability  to  detect  and  stop  a 
variety  of  common  viruses  at  the  network  edge. 
Sentry  Security  Platform  was  able  to  sustain  3.6 
Mbps  of  aggregate  zero-loss  throughput  for  five 
minutes  in  "steady  state"  with  no  unsuccessful 
HTTP  transactions  reported  while  simultaneous¬ 
ly  scanning  for  viruses. 


Spam  blocked  Legitimate  mail 

delivered 
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Sun’s  Perlman  on  future  of  network  research 


Some  people  refer  to  Sun  Labs'  distinguished  engineer 
Radio  Perlman  (see  www.nwdocfinder.com/3431)  as 
the  Mother  of  the  Internet  and  the  creator  of  the  span¬ 
ning  tree  algorithm  used  by  bridges  and  switches. 
Others  know  her  as  the  author  of  network  textbooks 
such  as  Interconnections.  Network  World  singled  her 
out  in  March  as  one  of  20  people  who  changed  the 
industry  over  the  past  20  years  ( www.nwdoc finder. 
com/3432).  Executive  News  Editor  Bob  Brown  recently  interviewed  her 
and  wanted  to  know:  What  have  you  done  for  us  lately? 


are  important  for  this  position?” 

What's  your  take  on  the  state  of  networking  and  security  research  these  days? 

The  taste  of  whoever  is  in  the  funding  agencies  tends  to  cause  everyone  to  look 
at  the  same  stuff  at  the  same  time.  Often  technologies  get  hot,  then  go  away  There 
was  active  networking  for  a  while,  which  always  mystified  me  and  has  now  died.  In 
security  the  money  is  behind  digital  rights  management,  which  I  think  ultimately  is 
a  bad  thing  —  not  that  we  need  to  preserve  the  right  to  pirate  music,  but  because 
the  solutions  are  things  that  don’t  solve  the  real  problems  in  terms  of  security  The 
few  dishonest  people  will  always  manage  to  steal  things.  But  most  people  are  basi¬ 
cally  honest,  and  are  willing  to  pay  if  you  make  it  convenient.  If  there’s  a  trust  rela¬ 
tionship  there,  most  people  will  wind  up  buying  things.  1  hate  to  see  so  much 
emphasis  on  digital  rights  management. 


One  week  I  get  to  see  Tim  Berners-Lee,  the  Father  of  the  Web,  and  the  next  week  I  get  to 
meet  with  the  Mother  of  the  Internet.  What  more  could  a  networking  editor  ask  for? 

Mother  of  the  Internet. That’s  kind  of  a  strange  marketing  sound  bite.  I  cringe 
when  people  emphasize  my  gender,  because  it’s  really  a  very  small  part  of  my  life, 
especially  my  professional  life.  Recently  a  recruiter  for  a  company  sent  me  e-mail 
saying:“We  are  particularly  interested  in  you  as  a  female  thought  leader.”  I  didn’t 
reply,  because  I  wasn’t  interested  in  a  job,  but  I  fantasized  replying:  “Thank  you  for 
your  interest.  Although  my  credentials  as  a  thought  leader  are  impeccable,  I  must 
warn  you  that  1  am  not  that  qualified  as  a  female.  I  can’t  walk  in  heels,  I  have  no 
clothing  sense,  and  I’m  not  particularly  decorative. What  aspects  of  being  female 


Where  should  the  funding  go? 

The  things  that  seem  absolutely  unsolvable  but  that  we  have  to  solve  is  the  user 
interface  stuff.  Everything  is  so  complicated.  People  tell  you  to  turn  off  cookies 
because  they  are  dangerous,  but  you  can’t  talk  to  anything  on  the  Web  without 
using  them.  People  build  this  horribly  complicated  software,  put  up  all  these  myste¬ 
rious  pop-up  boxes  and  then  blame  the  users  when  things  don’t  go  right.  I  keep 
hearing  people  say,  like  with  distributed  denial  of  service,  that  there  are  all  these 
grandmothers  out  there  who  don’t  know  how  to  maintain  their  systems.  Don’t 

See  Sun,  page  20 
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Juniper  reveals  plans  for  WAN  gear 


Juniper  faster  WAN  plan 

Over  the  next  18  months,  Juniper  Networks  plans  to  add  features  to  its 

WX  and  DX  WAN  acceleration  gear  in  an  effort  to  meet  increasing 

branch-office  performance  demands. 

•  Accelerate  SSL  flows:  The  WX  will  proxy  SSL  traffic,  accelerate  it  and  re-encrypt  it  as  well  as  cache  content 
in  the  flows  to  reduce  WAN  traffic. 

•  Add  Web  caching:  The  WX  will  be  able  to  cache  Web  content,  reducing  traffic  that  must  cross  the  WAN. 

•  Enable  data  center  rules  in  branches:  The  WX  will  support  a  feature  called  AppRules  that  could  reduce 
the  number  of  requests  crossing  the  WAN  for  customers  that  use  both  WXs  and  DXs. 

•  PC  software  agent:  Client  software  that  will  enable  a  single  PC  to  optimize  traffic  to  a  WX  rather  than  the 
current  WX-to-WX-only  configuration. 

•  Segmented  management:  Administrators  can  be  granted  different  management  privileges  over  different 
devices  in  the  network  depending  on  their  role. 


■  SMC  Networks  last  week  announced 
itsTigerSwitch  1000  SMC8024L2,  a  24-port 
lO/IOO/IOOOMbps  managed  LAN  switch 
aimed  at  small  and  midsize  companies. 
The  SMC8024L2,  which  can  be  managed 
via  SNMP  and  includes  a  Web-based  man¬ 
agement  interface,  could  be  deployed  as  a 
workgroup  switch  for  users  or  as  a  back¬ 
bone  device  connecting  small-business 
servers.  The  switch  costs  $700,  or  about 
$30  per  triple-speed  Ethernet  port. 

■  Ranch  Networks  says  its  latest  box 
can  load-balance  and  provide  failover  for 
the  open  source  Asterisk  IP  PBX  plat¬ 
form.  The  company’s  RN  appliance  sits  in 
front  of  two  Asterisk  servers  and  monitors 
them,  checking  online  status,  measuring 
processor  load  and  network  availability.  If 
one  Asterisk  box  fails  or  becomes  over¬ 
loaded,  the  RN  appliance  shifts  requests 
to  the  backup  server.  The  RN  boxes  also 
provide  bandwidth  management,  VPN  ter¬ 
mination,  call  accounting  and  LAN  switch¬ 
ing.  The  devices  range  from  $600  to 
$17,300. 


BY  TIM  GREENE 

Juniper  has  laid  out  an  18-month  road 
map  that  includes  improving  the  capabili¬ 
ties,  capacity  and  management  support  of 
its  WAN  acceleration  gear  while  offering 
custom  acceleration  for  more  individual 
applications. 

Once  carried  out,  the  road  map  will 
bring  Juniper’s  gear  more  in  line  with  pro¬ 
ducts  from  other  vendors,  notably  River¬ 
bed,  which  also  makes  devices  that  im¬ 
prove  WAN  response  times  through  a  vari¬ 
ety  of  means,  says  Rob  Whiteleyan  analyst 
with  Forrester  Research. 

Blue  Coat,  Cisco,  Citrix,  Expand  Net¬ 
works,  F5  Networks,  Packeteer  and  others 
also  compete  in  this  area,  and  are  con¬ 
stantly  adding  features  to  develop  a  full  set 
of  application-visibility,  acceleration  and 
compression  features,  he  says. 

Juniper’s  WAN  acceleration  family  in¬ 
cludes  the  DX,  WX  and  WCX  devices.  The 
DX  is  a  one-end  acceleration  unit  that  sits 
in  front  of  data  centers  and  requires  no 
special  equipment  at  the  other  end  of  the 


connection.  It  terminates  SSL  sessions,  per¬ 
forms  HTTP  compression  and  protects 
servers  from  denial-of-service  attacks  as 
well  as  SYN  floods. 

The  WX  appliances  sit  at  both  ends  of 
corporate  WAN  links  and  through  a  variety 


of  compression  and  optimization  tech¬ 
niques  squeeze  more  data  across  the  con¬ 
nections.  Juniper  plans  to  add  Web 
caching, accelerating  SSL-encrypted  traffic 
and  enforcing  what  were  DX-based,  data 
See  Juniper,  page  20 
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TOLLY  ON  TECHNOLOGY 
Kevin  Tolly 


The  adage  that  in  lawsuits  the 
only  sure  winners  are  the  lawyers 
is  doubly  true  in  the  years-long 
patent  battle  between  Research 
in  Motion,  maker  of  the  Black- 
Berry  handheld,  and  NTRa  com¬ 
pany  with  one  asset  —  the  dis¬ 
puted  patent  —  that  was  brought 
into  existence  to  fight  RIM.  And 
then  there’s  Microsoft  —  but  we’ll 
get  to  them. 

This  topic  looked  like  it  was 
about  to  fade  from  the  headlines 
as  a  result  of  the  $612.5  million 
settlement  that  NTP  accepted 


NTP  vs.  RIM:  A  good  deal  for  lawyers 


from  RIM  a  few  months  back.  But 
now  RIM  must  deal  with  another 
legal  challenge  from  software 
provider  Visto,  which  claims 
RIM’s  BlackBerry  service  violates 
four  Visto  patents.  The  lawsuit 
seeks  unspecified  damages  and 
asks  the  court  to  shut  down 
BlackBerry’s  service  in  the 
United  States. 

The  residual  impact  on  the  IT 
world  from  these  legal  battles 
could  last  much  longer. 

That  is  where  Microsoft  comes 
in.  The  company’s  mobile  mes¬ 
saging  offering  is  based  on  and 
integrated  into  its  flagship  mes¬ 
saging  hub  Exchange  Server 
2003  solution,  which  competes 
with  RIM’s  BlackBerry.  Like  other 
contenders,  Microsoft  hadn’t 
had  huge  success  prying  RIM’s 
fiercely  loyal  customers  away 
from  it.  But  the  protracted  patent 


battle  had  an  impact. 

For  once  Microsoft  wasn’t  the 
one  being  sued.  With  the  real 
possibility  of  a  U.S.  judge  order¬ 
ing  the  BlackBerry  service  to  be 
shut  down,  even  many  loyal  cus¬ 
tomers  started  to  make  contin¬ 
gency  plans.  (RIM  assured  cus¬ 
tomers  that  it  had  developed  an 
alternate,  “non-infringing”  ver¬ 
sion  of  its  service,  but  at  least 
some  users  were  unwilling  to 
bank  on  this.) 

In  Microsoft’s  case,  the  absence 
of  a  negative  (a  patent  lawsuit) 
was  a  definite  positive.  Combine 
that  with  the  fact  that  virtually 
every  company  has  a  collection 
of  Exchange  Server  systems  at 
its  core,  and  it’s  easy  to  see  why 
firms  would  want  to  understand 
how  a  mobile  Exchange  offering 
might  be  able  to  take  over  from 
the  BlackBerry  service. 


Which  brings  us  back  to  the 
lawyers.  Faithful  BlackBerry  users 
did  not  ask  for  a  change,  but  the 
action  of  the  NTP  lawyers  served 
as  a  catalyst  and,  in  effect,  forced 
it  upon  them. 

It  would  have  been  interesting 
(theoretically  speaking)  if  the 
judge  had  shut  down  RIM  and 
said  “OK,  NTP  it  is  all  yours” 
because  they  had  nothing  but  a 
piece  of  paper.  There  was  no  ser¬ 
vice  that  they  could  unleash  to 
replace  RIM.  It  wasn’t  a  Netscape 
vs.  Internet  Explorer  battle  in 
which  there  were  two  viable 
alternatives. 

While  the  RIM  battle  sparked 
discussion  of  patent  reform,  1 
believe  a  shutdown  with  nothing 
to  replace  it  would  have  ensured 
that  serious  reform  took  place. 
And  while  we  are  at  it,  we  might 
as  well  look  at  the  final  lawyer- 


profit  scorecard. 

The  Washington,  D.C.,  law  firm 
representing  NTP  scored  about 
$200  million  from  the  deal,  or  a 
little  less  than  $3  million  for  each 
of  the  67  partners. You  might  call 
them  instant  millionaires,  but  I 
have  a  feeling  that  many  already 
were  in  that  category. 

NTP  has  about  two  dozen 
shareholders  to  split  the  remain¬ 
ing  $400  million,  according  to 
The  Wall  Street  Journal.  About 
half  of  them  are  —  you  guessed 
it  —  patent  attorneys  at  a  Belt- 
way  firm. 

And  the  inventor?  He  died  in 
2004. 

Tolly  is  president  of  The  Tolly 
Group,  a  strategic  consulting  and 
independent  testing  company  in 
Boca  Raton,  Fla.  He  can  be 
reached  at  ktoIly@tolly.com. 
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center-only  rules  at  branch  offices.  It  also 
plans  to  add  a  WX  software  agent  that 
pushes  compression  algorithms  to  remote- 
access  PCs. 

WXC  devices  add  data-sequence 
caching  to  the  WX  technology  making  it 
possible  to  deliver  large  chunks  of  data 
from  a  local  WXC  cache  rather  than  call¬ 
ing  it  from  servers  at  the  other  end  of  a 
WAN  connection.  The  WXC  also  will  re¬ 
ceive  the  WX  improvements. 

All  the  boxes  are  managed  by  WX  CMS, 
software  that  monitors  WAN  performance 
by  application  and  produces  reports  by 
site,  device  and  link.  CMS  upgrades  will 
make  it  possible  to  create  new  reports, such 
as  how  much  the  gear  accelerates  individ¬ 
ual  applications.  It  also  will  enable  assign¬ 
ing  specific  management  roles  to  specific 
individuals  and  limiting  those  roles  to  cer¬ 
tain  devices  on  the  network.  So  a  depart¬ 
ment  administrator  might  have  access  to 
read  performance  reports  and  adjust  set¬ 
tings  for  devices  serving  his  department  but 
not  others.  A  corporate  administrator  could 
have  overlapping  access,  plus  access  to  all 
the  other  Juniper  WAN  acceleration  gear  in 
the  corporate  network. 

These  acceleration  devices  can  pay  for 
themselves  rapidly,  according  to  Robert 
Bell, director  of  IT  for  Dearborn,  Mich. .archi¬ 
tectural  and  engineering  firm  Ghafari  Com¬ 
panies,  which  has  offices  in  Illinois  and 
Indiana.  He  says  installing  three  WXC  boxes 
at  these  sites  improved  WAN  performance 
enough  to  avoid  having  to  upgrade  T-ls  toT- 
3s,  which  would  have  boosted  monthly 
WAN  costs  five  to  eight  times,  depending  on 


the  connection.  Because  of  this,  the  Juniper 
devices  installed  last  fall  paid  for  them¬ 
selves  in  eight  months,  he  says. 

One  improvement  on  Juniper’s  road 
map  that  Bell  looks  forward  to  is  a  WX  soft¬ 
ware  agent  that  can  be  downloaded  to  an 
individual  PC  that  enables  it  to  compress 
traffic.The  agent  is  pushed  via  a  Juniper  SSL 
VPN  gateway  and  Ghafari  already  has  one. 
So  a  person  using  the  VPN  to  access  a  file 
would  download  the  WX  agent  at  logon 
and  get  faster  transactions  because  traffic 
would  be  compressed  in  both  directions, 
he  says.  Competitor  Orbital  Data  has  this, 
and  Riverbed  and  NetScaler  are  said  to  be 
working  on  it. 

Bell  says  he  also  is  looking  forward  to 
Juniper  accelerating  more  individual  types 
of  applications  as  it  already  does  with 
Common  Internet  File  System  and  Ex¬ 
change.  In  particular,  a  planned  upgrade  to 
accelerating  SQL  traffic  will  help  speed  up 
slow  accounting  transactions  carried  out 
between  the  Dearborn  headquarters  and 
the  branch  offices. 

Tools  to  monitor  traffic  better  and  report 
on  performance  also  will  be  welcome,  he 
says.  This  will  eliminate  the  need  for  sepa¬ 
rate  performance  monitoring  and  shaping 
gear,  Forrester’s  Whiteley  says. “You  turn  on 
its  reporting  and  it  reduces  the  need  for 
having  a  box  like  Racketeer’s  sit  on  the  WAN 
edge.  It  simplifies  the  architecture,”  he  says. 

Juniper’s  plans  also  call  for  making  it  pos¬ 
sible  to  accelerate  SSL  between  WX  de¬ 
vices  by  compressing  packets,  then  en¬ 
crypting  them  with  SSL  before  they  cross 
the  WAN.  Previously,  the  devices  could  not 
open  SSL  traffic  so  could  not  determine 
whether  it  could  be  compressed  or  oth¬ 
erwise  optimized.  Blue  Coat  and  Certeon 


also  do  this,  but  they  lack  other  features  of 
Juniper  gear,  says  Joel  Conover,  an  analyst 
with  Current  Analysis. 

Juniper  promises  to  boost  the  speed  of 
WAN  links  it  can  support  to  155Mbps  or  OC- 
3.  Other  vendors  such  as  Silver  Peak  offer 


Sun 
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faster  speeds  than  Juniper  now  has, 
Conover  says,  so  this  will  bring  the  com¬ 
pany  back  in  line  with  competitors. 

Overall,  the  Juniper  road  map  foretells  bet¬ 
ter  integration  of  technologies  it  acquired 
over  the  past  few  years,  Whiteley  says.M 


blame  the  grandmothers;  blame  the  vendors.  Liability  is  one  of  those  things  I  don’t 
understand. Somebody  makes  a  toy  and  some  kid  manages  to  stick  a  piece  up  his  nose 
and  dies  from  it,  that  company  has  to  pay  millions  of  dollars  because  everyone  is  so 
sympathetic.  But  in  the  software  industry  when  you  install  something  there  is  this  9,000- 
page  legalese  that  basically  says:“We  have  no  idea  what  this  thing  does,  we’re  not  claim¬ 
ing  it  does  anything,  if  it  remotely  does  anything  useful  you  should  be  grateful  to  us,  but 
you  shouldn’t  blame  us  if  it  doesn’t  do  what  you  expect."  And  they  get  away  with  it! 

What's  this  security  project  of  yours  called  “ephemerizer"  all  about?  (See  www.nwdocfinder. 
com/3433.) 

You  want  to  be  able  to  create  files  that  have  expiration  dates  and  make  lots  of  copies 
of  all  of  your  storage, so  even  if  your  data  center  burns  down  you  can  buy  a  brand-new 
machine,  reinstall  the  file  system  from  scratch,  get  your  backup  tapes  and  be  able  to 
recover  all  the  data  that  hasn’t  expired  and  not  be  able  to  recover  any  data  that  has 
expired.You  want  to  be  able  to  do  this  in  a  way  that  can  be  very  scalable  and  in  which 
you  won’t  lose  performance,  and  to  do  it  with  key  managers  that  manage  time-release 
keys  in  a  way  you  don’t  really  have  to  trust  them. 

We’ve  been  working  on  it  for  a  few  years,  and  it’s  been  evolving.  Originally  the  design 
was,  every  time  you  opened  a  file  that  had  an  expiration  date  you  had  to  go  to  a  key 
manager,  like  an  external  site,  and  ask  him  to  unlock  the  file  for  you.  When  1  tried  to  sell  it 
to  the  file  system  groups  they  were  unhappy  about 
the  overhead  every  time  you  opened  a  file,  and  the 
amount  of  information  you’d  have  to  keep  in  the 
header  of  the  file  was  a  whole  bunch.  After  that  1 
changed  it  so  that  only  after  a  file  system  recovers 
from  a  crash  does  it  have  to  ask  for  one  decryption 
from  an  outside  agent,  and  otherwise  it  works 
autonomously  so  it  has  no  performance  problems. 

In  the  header  of  a  file  all  1  need  is  about  4  bytes  for 
a  key  ID.  ■ 


nww.coin 

More  from  the  interivew 

Head  online  for  an  unabridged  version  of 
the  discussion  with  Radia  Perlman. 

www.nwdocfinder.com/3434 
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NEC  Display  Solutions 


APPLE  Xserve®  RAID  Hard  Drive  Array 

MA208LL/A 

-  Dual  2GB  Fibre  Channel  connectivity 

-  Hardware  RAID  levels  0, 1,  3,  5,  0+1 

-  Certified  by  Microsoft?*  Novell?*  Cisco?  Red  Hat? 
Terra  Soft  Solutions?  Brocade?  Veritas®  and  more 

-  1-year  warranty 


NEC  Multisync  Display 

LCD1970VX-BK 

-  Flat  panel  display  -19" 

-  1280  x  1024  dpi  max  resolution 

-  0.294mm  dot  pixel  pitch 

-  3-year  warranty 


BELKIN®  SMB  CAT5  KVM  Switch 

F1DP108A 

-  8-port,  1U  rack-mountable 

-  Supports  PS/2  and  USB  platforms 

-  Daisy-chain  up  to  16  switches 

-  5-year  warranty 
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Open  network  access  is^ood  for  business 
Open  network  access  is  bad  for  security. 


The  Answer:  Proven  security, 


Thanks  to  the  growth  of  mobile  devices  and  wireless  access,  your  workforce  and  guests  can  access  your 
network  from  almost  anywhere.  So  what’s  the  smartest  way  to  keep  it  secure?  McAfee  has  the  answer. 
With  our  network  access  control  solution,  featuring  McAfee  Policy  Enforcer,  your  security  standards  are 
continuously  enforced — even  when  users  are  on  the  road.  That  means  noncompliant  or  infected  PCs, 
laptops,  and  PDAs  can  be  identified,  quarantined,  and  made  secure  before  they  cause  damage.  Backed 
by  more  than  15  years  of  experience  supporting  and  protecting  our  customers,  McAfee’s  software, 
hardware,  and  sendees  are  a  proven  way  to  secure  your  business.  Learn  more  at  www.mcafee.com/access 


Network  Access  Control 


Vulnerability  Management 

Intrusion  Prevention 

E-Mail  &  Web  Security 

‘ '  ty .  Anti-Spam  &  Anti-Spyware 
■ 

Anti-Virus 


Proven  Security 
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ENTERPRISE  COMPUTING 

WINDOWS  ■  LINUX  B  UNIX  B  SERVERS  ■  STORAGE  B  GRID/UTILITY  ■  MOBILE  COMPUTING 

Microsoft  taking  storage  to  next  level 

Company  moving  beyond  partnerships  to  offer  its  own  complete  packages  for  keeping  data. 


Serious  about  storage 

Microsoft  has  issued  a  steady  stream  of  storage  technologies  in  recent  years. 


Technology 

Introduced 

Function 

Distributed  File  System  Replication 

2000 

Lets  multiple  servers  and  shared  directories  on  a  network 
appear  as  a  single  network  drive. 

Windows  Storage  Server  R2 
(originally  Server  Appliance  Kit) 

2000 

Software  enabling  the  creation  of  Windows-based  network- 
attached  storage  appliances. 

Encrypting  file  system 

2000 

Encrypts  files  and  folders  on  Microsoft  Windows  machines. 

Storport  driver 

2003 

Enables  higher  performance  and  better  compatibility  on 
Windows  Fibre  Channel  storage-area  networks  (SAN). 

Multipath  I/O 

2003 

Enables  duplicate  paths  between  Windows  servers  and 
storage  devices  for  load  balancing  and  increased  availability. 

Virtual  shadow  copy  services 

2003 

Creates  point-in-time  copies  of  data. 

iSCSI  software  initiator 

2003 

Enables  iSCSI  on  Windows  host  bus  adapters. 

Virtual  disk  service 

2003 

A  set  of  APIs  that  provide  a  single  interface  for  managing 
disks. 

System  Center  Data  Protection 
Manager 

2005 

Near-continuous  data  protection  for  Windows  servers. 

Simple  SAN 

2005 

Simplifies  Fibre  Channel  and  iSCSI  networking. 

iSCSI-enabled  software  boot 

2006 

Creates  iSCSI  target  storage  devices. 

BY  DENI  CONNOR 

Upon  forming  its  Enterprise  Storage 
Division  four  years  ago,  Microsoft  had  to 
overcome  suspicion  that  it  was  about  to 
encroach  on  yet  another  market.  Instead, 
the  company  forged  a  reputation  as  a 
team  player  whose  technologies  boosted 
other  vendors’  products  by  enabling  them 
to  work  better  with  Windows. 

Signs  are  emerging,  though,  that  changes 
are  afoot.  Not  that  Microsoft  is  about  to 
toss  its  partners  aside,  but  the  company  is 
taking  steps  to  make  more  of  a  name  for 
itself  as  a  supplier  of  storage  products. 

“The  next  step  of  our  storage  strategy  is 
working  on  complete  solutions  —  a  single 
way  to  manage  servers  and  storage  and 
content-addressable  storage,”  says  Claude 
Lorenson,  group  product  manager  of  stor¬ 
age  technologies. 

Microsoft  has  begun  rolling  out  stand¬ 
alone  storage  products,  such  as  its  System 
Center  Data  Protection  Manager  (DPM), 
software  that  backs  up  Windows  file 
servers  on  a  near-continuous  basis.  DPM 
competes  with  products  from  Revivio  and 
Symantec  but  can  be  incorporated  into 
products  from  Microsoft  partners. 

Microsoft  is  expected  to  expand  DPM  to 
also  support  Exchange  and  SQL  Server  sys¬ 
tems,  potentially  giving  the  company  more 
of  an  entry  into  enterprise  storage 
accounts.  To  date,  Microsoft  has  been 
strongest  in  the  small  and  midsize  business 
(SMB)  sector,  with  a  53%  share  of  the  mar¬ 
ket  for  network-attached  storage  (NAS) 


B  Sepaton  has  announced  software 
for  its  S2100-ES2  virtual  tape  library 
appliance  that  eliminates  the  need  to 
store  unchanged  or  duplicated  data 
within  files.  It  says  this  speeds 
backup  and  lets  data  be  stored  at  a 
much  lower  cost.  The  software  is  due 
by  the  end  of  June  for  less  than  $1  per 
gigabyte. 

bEMC  says  it  will  acquire  Kashya,  a 
data-replication  and  -protection  soft- 


devices  priced  from  $500  to  $100,000. 

“When  DPM  supports  Exchange  and 
SQL  Server  and  features  such  as  band¬ 
width  throttling  and  alternate  pathing, 
DPM  will  clearly  compete  further  up  the 
stack  with  enterprise  storage  applications,” 
says  Mickey  Mclntire,  CEO  of  String  Bean 
Software,  whose  iSCSI-based  WinTarget 


ware  firm,  for  about  $153  million.  The 
buy  is  part  of  EMC’s  effort  to  grow 
from  a  storage  hardware  provider  to  a 
one-stop  shop  for  storing,  managing, 
accessing  and  securing  data.  EMC 
plans  to  join  Kashya's  replication  soft¬ 
ware  with  EMC's  Invista  network- 
based  block  storage  virtualization  tech 
nology.  EMC  will  use  Kashya’s  continu¬ 
ous  data  protection  technology  as  the 
engine  for  EMC’s  RecoverPoint  CDP 
software. 


software  Microsoft  acquired  in  March. 

The  company  hopes  its  iSCSI  products 
—  the  Microsoft  iSCSI  initiator,  the 
Microsoft/IBM  iSCSI  software-enabled 
remote  boot  and  its  WinTarget  software  — 
will  lead  it  into  enterprise  storage  markets 
that  want  to  blend  Fibre  Channel  and 
iSCSI  SANs. 

“We  are  coupling  iSCSI  with  some  new 
functionality  for  Windows  that  will  make  it 
easier  to  manage  blocks  of  data  and  the 
location  of  files,  and  compete  with  tradi¬ 
tional  NAS  vendors’  offerings,”  Lorenson 
says. 

Microsoft  also  is  plotting  to  make  waves 
in  storage  management,  though  it  has  not 
released  details. 

“Many  of  our  partners  have  told  us  that 
we  are  in  a  very  good  position  to  simplify 
server  and  storage  management,” 
Lorenson  says,  noting  that  Microsoft’s  first 
big  announcement  in  this  area  will  take 
place  at  the  Storage  Networking  World 
conference  in  the  fall. 

Analysts  are  curious  about  how  much  of 
this  technology  Microsoft  will  embed  in 
Windows. 


“They  could  wipe  out  storage-manage¬ 
ment  software  for  Windows  vendors,  not  in 
that  they  offer  end-user  product  but  in  that 
they  offer  software  that  can  be  produc¬ 
tized  and  take  value  out  of  current  vendor 
offerings,”  says  Randy  Kerns,  an  indepen¬ 
dent  storage  analyst. 

A  history  of  partnerships 

To  date,  Microsoft’s  storage  offerings 
largely  have  been  seen  as  complementary 
to  others’  products.  For  example,  its  low-  to 
midrange  NAS  technology  —  Windows 
Storage  Server  —  has  been  adopted  by 
such  vendors  as  Iomega  for  use  in  appli¬ 
ances.  Others  have  embraced  such  Micro¬ 
soft  storage  technologies  as  Multipath  I/O, 
the  Storport  driver  and  the  company’s 
Simple  SAN  technology,  which  aims  to 
make  Fibre  Channel  networking  for  Win¬ 
dows-based  SANs  easier  for  SMBs  to  use. 

The  company’s  Multipath  I/O,  which 
allows  duplicate  paths  between  Win¬ 
dows  servers  and  storage  devices  for 
load  balancing  and  increased  availabili¬ 
ty,  has  been  adopted  by  3PAR,  Egenera, 
EMC,  HR  LSI  Logic,  Network  Appliance 
and  Symantec. 

The  Storport  driver,  which  allows  higher 
performance  and  better  Fibre  Channel 
compatibility  for  Windows  Server  2003 
and  future  Windows  operating  systems, 
has  been  employed  by  Adaptec,  Emulex 
and  QLogic  in  their  host  bus  adapters. 

The  company’s  Virtual  Shadow  Copy 
Services,  which  create  point-in-time  copies 
of  data,  has  been  incorporated  by  IBM,  HP 
and  Commvault  into  their  backup  software. 

Finally,  the  company’s  Windows  Storage 
Server  Release  2,  which  was  introduced  as 
the  Windows  Server  Appliance  Kit  in  2000, 
has  enabled  vendors  to  offer  low-  to 
midrange  NAS  appliances  that  use  Micro¬ 
soft’s  underlying  Windows  Server  2003 
operating  system.  Supporters  include  Dell, 
FalconStor,  Fujitsu  Siemens,  Gateway,  HR 
IBM  and  Iomega. 

It’s  difficult  to  say  how  much  effort  and 
resources  Microsoft  is  putting  into  storage; 
the  company  won’t  disclose  such  informa¬ 
tion.  It  does  not  break  out  financial  infor¬ 
mation  for  its  storage  division  in  its  public 
reports.  Based  on  the  number  of  big-name 
partners  it  has  in  this  market,  Microsoft  is  a 
force  to  be  reckoned  with  in  storage.  B 
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with  the  ar  ount  of  energy  wasted  by 
non-AMD  powered  servers. 
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I ; How  long  have  you  been  putting  up  with  servers  that  waste  power  waste  money,  and  thanks  to  slow  performance  waste 
v  everyone’s  time?  Now  you  can  make  your  data  center  the  coolest  room  in  the  building  without  replacing  your  existing 


T  ••721 


:r  the  coolest  room  in  the  building  without  replacing  your  existing 
:ssor-based  servers,  on  the  other  hand,  are  designed  to  run  efficiently 
increased  performance.To  learn  more  about  maximum  performance 


and  the  power  of  cool  visit  www.amd.com/lessenergy 
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APPLICATION  SERVICES 

CRM  MESSAGING/COLLABORATION  I  WEB  SERVICES  H  ERP  ■  E-COM  H  NETWORK  AND  SYSTEMS  MANAGEMENT 


Start-up  targets  Exchange  customers 


Profile:  PostPath  (formerly  AppTran) 

Location:  Mountain  View,  Calif. 

Product:  PostPath  Server,  a  Linux-based  messaging  server  designed  to  look  and  function  just  like 
Microsoft  Exchange  Server  and  its  add-ons,  including  Active  Directory,  Outlook  and  mobile 
gateways. 

Funding:  WorldView  Technology  Partners,  Series  A  (undisclosed  amount);  Matrix  Partners,  Series  B 
(undisclosed  amount) 

Executives:  Duncan  Greatwood,  CEO;  previously  with  Virata/Globespan,  Virata/Conexant  and  Madge 
Networks.  Kerry  Champion,  VP  of  engineering;  previously  founder/CTO  of  Westbridge 
Technology,  VP  of  Tumbleweed  Communications.  Scott  Young,  VP  of  marketing;  previously 
CEO  of  UserLand  Software,  SVP  of  Vicinity  Corp. 


BY  JOHN  FONTANA 

Messaging  vendor  PostPath  emerged  from 
stealth  mode  last  week,  saying  it  plans  to 
ship  a  Linux-based  replacement  for  Ex¬ 
change  that  supports  Linux  network  proto¬ 
cols  and  is  designed  to  look  just  like 
Exchange  on  the  network. 

FbstPath  Server,  expected  to  ship  next 
month,  is  designed  not  only  as  a  replace¬ 
ment  for  an  entire  Exchange  environment 
but  also  as  a  piecemeal  replacement  for 
individual  Exchange  servers,  such  as  those 
in  branch  offices. 

PostPath  Server  is  a  replica  of  Exchange 
at  the  network  level,  so  it  looks  like 
Exchange  to  other  Exchange  servers  and 
to  other  software  plugged  into  the  server, 
such  as  Outlook,  Active  Directory  and 
third-party  applications  including  Re¬ 
search  In  Motions  BlackBerry  mobile  gate¬ 
way  The  company  says  its  support  of  open 
standards  will  give  users  more  options  in 
third-party  products,  such  as  storage  or 


antimalware  software,  for  messaging  envi¬ 
ronments.  PostPath  Server  also  gives  users 
alternatives  for  storage,  backup  and 
restore,  archiving, and  filtering.lt  ships  with 
a  Web  client  based  on  Asynchronous 
JavaScript  +  XML  technology 

“The  thing  that  seems  to  be  most  unique 
about  this  server  seems  to  be  its  interoper¬ 
ability  with  Exchange,”  says  Erica  Driver,  a 
Forrester  Research  analyst.  “There  are 
plenty  of  other  Exchange  alternatives  out 
there,  but  I  have  not  heard  anyone  else 
describe  theirs  as  100%  interoperable.” 

PostPath  Server  will  compete  with  servers 
from  CommuniGate,  Gordano,  IPSwitch, 
Mirapoint,Rockliffe,Scalix  and  Sendmail. 

However,  Driver  says  the  proof  will  be  in 
customer  deployments  once  FbstPath  Ser¬ 
ver  is  generally  available.  “If  they  can  work 
as  well  with  ShareFbint  2007  as  Microsoft 
does,  that  will  be  very  interesting.  But  it 
remains  to  be  seen.” 

Others  are  skeptical  the  server  is  a  full 


Exchange  replacement,  which  has  been 
attempted  by  IBM,  Novell,  Oracle,  Sun  and 
others.  “There  are  a  dozen  vendors  out 
there  that  claim  to  do  a  great  job  of  sup¬ 
porting  native  functionality  from  Outlook, 
and  basically  none  of  them  do,”  says  Matt 
Cain,  a  Gartner  analyst.  “I  have  yet  to  see  a 
broad  enterprise  deployment  of  Outlook 


running  in  rich  protocol  e-mail  mode 
against  any  back  end  other  than  Exchange.” 

FbstPath  created  its  server  by  decoding 
the  packet-level  protocols  used  by  Ex¬ 
change  and  coupling  that  knowledge  with 
the  protocols’  publicly  available  documen¬ 
tation.  The  results  were  implemented  on  a 
See  PostPath,  page  28 


Short  Takes 


■  Microsoft  last  week  offered  cus¬ 
tomers  new  test  versions  of  two  beta 
software  products:  Microsoft 
Speech  Server  2007  and  Windows 

CE  6,  which  are  expected  to  be  avail¬ 
able  later  this  year.  Companies  use 
Speech  Server  to  build  interactive 
voice-response  and  voice-recognition 
applications.  Windows  CE  is  a 
stripped-down  version  of  Windows  for 
such  products  as  set-top  boxes.  For 
more  information  about  the  Speech 
Server  2007  beta,  see  www.nwdoc 
finder.com/3440.  For  Windows  CE  6, 
see  www.nwdocfinder.com/3441. 

■  Metalnfo  recently  announced 

Meta  IP  Version  5.7,  an  upgrade  to 
its  IP  address,  DNS  and  DHCP  man¬ 
agement  package.  Meta  IP  can  now 
manage  Berkeley  Internet  Name 
Domain  (BIND)  9  and  BIND  8  servers 
concurrently,  for  those  companies 
moving  to  the  most  recent  version  of 
BIND.  Pricing  for  Meta  IP  5.7  starts 
at  about  $5,000. 


EMC,  Opsware  tackle  application  maps 


BY  DENISE  DUBIE 

Network  and  systems  management  ven¬ 
dors  continue  to  round  out  their  product 
lines  with  tools  to  help  customers  better 
understand  how  application  components 
use  IT  resources. 

EMC  Smarts  last  week  showcased  a  new 
product  the  company  says  can  help  cus¬ 
tomers  more  quickly  and  accurately  get  a 
map  of  applications,  servers  and  the  con¬ 
nections  among  them.  Application  Dis¬ 
covery  Manager  (ADM),  based  on  tech¬ 
nology  licensed  from  nLayers,  gives  cus¬ 
tomers  an  inventory  of  their  data  centers’ 
applications  and  hosts  and  shows  them 
how  the  elements  are  interdependent. 

The  company  says  the  software-loaded 
appliance  —  which  is  installed  in  a  data 
center  near  a  core  switch  to  watch  traffic 
traverse  the  network  —  at  first  passively  dis¬ 
covers  network  elements  to  get  an  accurate 
inventory  If  a  problem  occurs  or  perfor¬ 
mance  degrades,  customers  switch  the 
appliance  into  active  mode  to  collect  more 
in-depth  data  about  packets  traversing  the 
network  between  application  components. 

Although  the  product  solves  a  problem  in 
the  near  term  —  collecting  accurate  topol¬ 
ogy  and  configuration  information  about 


the  application  infrastructure  —  EMC 
Smarts  can  use  this  technology  as  a  build¬ 
ing  block  for  other,  higher-level  manage¬ 
ment  tasks,  says  Jasmine  Noel,  a  principal 
analyst  with  Ptak,  Noel  &  Associates. 

“ADM  provides  another  step  forward  on 
EMC  Smarts’  path  to  managing  dynamic  vir¬ 
tualized  environments.  [The  company]  is 
correctly  positioning  the  application  dis¬ 
covery  technology  as  an  enabler  to  other 
management  functions,”  she  says. 

ADM  is  priced  at  $200,000  for  the  software 
and  $15,000  per  appliance. 

Separately,  Opsware  last  week  intro¬ 
duced  a  software  application  that  tracks 
applications  across  heterogeneous  net¬ 
works.  Opsware  Visual  Application 
Manager  (VAM)  discovers  application 
components,  including  network  devices, 
servers,  software  and  business  applica¬ 
tions,  and  creates  maps  of  dependencies. 

Installed  on  a  server,  the  software  uses 
distributed  agents  to  collect  data  from 
managed  nodes. 

EMC  Smarts’  and  Opsware’s  products 
compete  with  Appilog  (acquired  by 
Mercury),  Cendura,  Collation  (acquired  by 
IBM),  nLayers,  Relicore  (acquired  by 
Symantec)  and  Tideway  Systems. 


According  to  industry  watchers,  applica¬ 
tion-mapping  technology  has  reached  a 
point  where  it  can  no  longer  be  deployed 
as  a  point  product  but  must  be  integrated 
into  larger  configuration  and  other  man¬ 
agement  systems.  By  moving  away  from  its 
OEM  deal  with  nLayers  and  developing 
software  in-house,  Opsware  will  help  cus¬ 
tomers  roll  out  application-discovery  tech¬ 
nology  without  committing  to  a  major  inte¬ 
gration  project. 

“Opsware  provides  integration  mecha¬ 
nisms  and  APIs  which  may  become  an 
important  point  in  product  selection,”  says 
Jean-Pierre  Garbani,  a  vice  president  at 
Forrester  Research. 

The  software  integrates  with  other 
Opsware  products,  including  Network 
Automation  System  6.0  (announced  at 
Interop)  and  Server  Automation  System, 
to  help  IT  managers  track  changes  ac¬ 
tively  and  take  automated  action  based 
on  preset  policies. 

Scheduled  to  be  available  in  July, VAM  is 
priced  $100,000  for  1,000  nodes.  ■ 

NETWORK  MANAGEMENT 
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A  Global  Hotel  Company  Analyzing  1.4  Million  Records  a  Day. 

Running  On  Microsoft  SQL  Server  2005. 
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Are  Microsoft’s  cookies  super? 


Scott  Bradner 


On  May  2,  six  years  to  the  day 
after  Microsoft  filed  its  applica¬ 
tion,  the  U.S.  Patent  and  Trademark 
Office  granted  the  company 
patent  No.  7,039,699,  “Tracking 
usage  behavior  in  computer  sys¬ 
tems.”  Some  wags  dubbed  the 
technology  “super  cookie.”  They 
call  it  that  even  though  Microsoft 
limited  the  patent  in  some  speci¬ 
fic  ways  (probably  to  persuade 
the  patent  office  to  grant  it). It  flies 
in  the  face  of  IETF  guidance  on 
valid  cookie  use  and  provides 
information  that  is  generally 
redundant  with  what  Web  compa¬ 
nies  can  do  already 
At  first  read,  the  patent  (plug 
the  number  above  into  www.nw 


docfinder.com/3427  to  view  the 
text)  does  not  offer  much  that’s 
new,  even  if  you  take  into 
account  the  2000  filing  date. You 
would  learn  much  of  what  the 
patent  describes  in  a  Cookies  101 
class.  Most  of  its  concepts  also 
are  described  in  “HTTP  State 
Management  Mechanism,”  RFC 
2109,  from  February  1997 
(www.nwdocfinder.com/3428) 
and  its  update,  RFC  2965,  from 
October  2000  (www.nwdocfind 
er.com/3429).  (I’m  not  sure  why 
these  RFCs  are  not  referenced  by 
the  Microsoft  patent;  they  are 
clearly  relevant,  and  Microsoft 
does  know  about  the  IETF  and 
RFCs.)  To  issue  the  patent,  the 
USPTO  had  to  have  concluded 
the  technology  was  new  and 
unobvious  to  a  person  skilled  in 
the  art  of  cookies  in  May  2000. 

There  is  one  puzzling  restriction 
in  the  patents  claims  that  might 
hold  a  clue  as  to  why  the  USPTO 
reached  that  conclusion  (it  would 


take  a  careful  reading  of  the 
patent  offices  file  history  to  be 
sure).  For  example,  the  patent’s 
first  claim  is  limited  to  the  case  in 
which  there  is  a  “first  computer 
system  having  a  first  domain 
name  and  at  least  one  other  com¬ 
puter  system  having  a  second 
domain  name  that  is  different 
from  said  first  domain  name  and 
wherein  at  least  a  portion  of  the 
first  and  second  domain  names 
are  identical.”  The  other  main 
claims  have  similar  restrictions. 
Note  the  first  claim  does  not  say 
what  part  has  to  be  identical; 
maybe  it  could  be  “.com,”  in 
which  case  this  would  not  be  that 
much  of  a  restriction. 

The  patent  talks  about  all  the 
marvy  things  that  could  be  done 
with  information  from  cookies, 
including  targeted  advertising, 
special  display  formats,  special 
offers,  unique  services  and  creat¬ 
ing  a  “psychographic  profile”  of 
the  user.  Just  what  I  was  missing 


—  Microsoft  creating  a  psycho¬ 
graphic  profile  of  me  when  I  visit 
its  Web  site  to  get  a  patch  for 
Word.  The  body  of  the  patent 
talks  about  creating  a  “domain- 
level  cookie”  for  MSN’s  Web  site 
that  could  be  used  by  every  MSN 
online  service  to  record  or  find 
out  what  a  user  did  on  other 
MSN  sites.  The  patent  says, 
“Reading  from  the  domain 
cookie  would  be  equivalent  to 
checking  what  the  user  did  else¬ 
where  on  MSN.com.” 

I  can  see  how  it  would  be  useful 
for  an  MSN  online  travel  service  to 
know  I  just  bought  an  expensive 
camera  from  an  MSN  online  cam¬ 
era  store  so  the  travel  site  could 
point  me  to  expensive  resorts 
rather  than  Motel  6.  But  a  use  like 
this  violates  the  spirit,  if  not  the  let¬ 
ter  of  RFC  2964, “Use  of  HTTP  State 
Management”  (www.nwdocfind 
er.com/3430),the  IETF’s  statement 
of  best  practices  for  the  use  of 
cookies. 


In  the  end,  I  don’t  think  this 
patent  amounts  to  much, 
because  I  expect  MSN’s  online 
sites  are  exchanging  far  more 
information  already  about  their 
users  than  their  users  expect  and 
are  doing  so  without  using  the 
technology  in  this  patent.  I 
expect  Microsoft  is  not  alone  in 
doing  this,  which  is  why  I  have  set 
Firefox  to  wipe  out  all  cookies, 
other  than  a  select  few,  every  time 

1  exit  the  browser. 

Disclaimer:  Harvard,  like  other 

universities,  is  subject  to  federal 
rules  about  sharing  student 
information.  Too  bad  there  are 
not  similar  federal  rules  for 
nonstudents.  But  the  university 
has  no  opinion  about  this 
patent:  The  above  is  just  my  own 

2  cents’  worth. 

Bradner  is  a  consultant  with 
Harvard  University's  University 
Information  Systems.  He  can  be 
reached  at  sob@sobco.com. 


Workshare  appliance  aims  to  expose  leaks 

Device  gives  companies  a  glimpse  of  ongoing  privacy,  inteiiectual  property  and  financial  disclosure  violations. 


BY  ANN  BEDNARZ 

Workshare  this  week  is  expected  to 
announce  a  tool  to  help  users  get  a  handle 
on  how  much  confidential  and  sensitive 
information  is  distributed  inappropriately 
outside  company  boundaries. 

The  company’s  Trace  Enterprise  Network 
is  a  risk-assessment  ap¬ 
pliance  that  sits  at  the 
edge  of  the  network 
and  monitors  outbound 
e-mail  and  Web  traffic. 

It's  preconfigured  with 
basic  content-security 
policies  for  protecting 
customer,  financial  and 
intellectual  property 
information.  Companies 
customize  the  policies  to 
match  corporate  content 
security  concerns. 

Trace  Enterprise  Network  is  designed  for 
short-term  deployments.  In  conjunction 
with  a  Workshare  professional  services 
engagement,  companies  install  the  device 
for  as  long  as  two  weeks  to  find  vulnerabil¬ 
ities,  such  as  hidden  metadata,  sensitive 
customer  or  financial  information  and  pro¬ 
fanity  or  discriminatory  language,  in  outgo¬ 
ing  messages  and  documents. 

The  appliance  is  the  network  comple¬ 
ment  to  Workshare’s  Trace  Enterprise 
Client,  which  analyzes  historical  content 


sent  out  from  and  received  by  users’  PCs. 

Together,  the  products  bring  attention  to 
hidden  information,  such  as  metadata  or 
comments  embedded  in  documents,  and 
visible  content  that  shouldn’t  be  distrib¬ 
uted  according  to  business  or  regulatory 
policies,  says  Ken  Rutsky,  executive  vice 
president  of  Workshare. 
A  common  gaffe  the 
products  find  is  em¬ 
ployee  comments  acci¬ 
dentally  retained  in  the 
notes  of  a  sales  pro¬ 
posal,  Rutsky  says. 

“People  understand 
that  when  they  have 
10,000  employees  post¬ 
ing  blogs,  sending 
e-mails  and  doing  all 
sorts  of  electronic  com¬ 
munications,  there  is 
risk.  But  they  don’t  understand  the  extent 
of  the  risk,”  he  says. 

Scores  of  companies  have  come  under 
the  spotlight  when  sensitive  internal  infor¬ 
mation  is  leaked.  In  March,  Google  uninten¬ 
tionally  disclosed  certain  financial  projec¬ 
tions  when  slides  from  an  online  presenta¬ 
tion  contained  speaker  notes  Google  didn’t 
intend  analysts  to  see. 

With  the  risk  assessment  products,  Work- 
share  offers  tools  to  prevent  disclosures 
gaffes.  Its  Protect  Enterprise  Suite  includes 


network  and  client  products  to  alert  users 
to  risky  content,  block  sensitive  information 
leaving  networks,  and  cleanse  confidential 
content  before  it  gets  distributed. 

Competitor  SRS  Technologies  offers 
Document  Detective,  client  software 
designed  to  find  and  strip  hidden  data 


PostPath 

continued  from  page  25 

Linux  server  that  does  not  require  plug-ins 
to  interoperate  on  the  Exchange  network. 
In  addition,  native  Active  Directory  tools, 
such  as  those  used  for  creating  users  or 
moving  mailboxes,  also  work  with 
PostPath  Server. 

PostPath  is  offering  alternatives  to  other 
functions  within  Exchange,  such  as  a  data 
store  based  on  a  file  system  rather  than 
Exchange’s  Jet  database. 

In  the  file  system,  user  objects  have  a 
folder  containing  subfolders  for  calendar, 
in-box  and  other  features.  Each  message  in 
a  subfolder  is  represented  by  a  single  file. 
The  structure  allows  live  and  incremental 
backup  using  any  file  server  backup  tool. 
Restoration  is  simplified  in  that  users  drag 
and  drop  folders,  subfolders  or  even  single 
messages  to  restore  data. 

“Our  data  store  leverages  modern  file¬ 
system  and  modern  disk  technology  so 


and  metadata  including  tracked  changes, 
comments,  embedded  objects  and  object 
fragments.The  vendor  is  working  on  a 
server-based  version  of  the  software. 

Trace  Enterprise  Network  is  available  as 
part  of  Workshare’s  risk  assessment  services. 
Pricing  for  the  services  starts  at  $5,000.  ■ 


you  can  spend  a  lot  less  money  on  back¬ 
up  and  restore  software,”  says  Kerry 
Champion,  vice  president  of  technology 
for  PostPath. 

PostPath  Server  supports  commodity, 
direct-access,  network-attached  or  stor¬ 
age-area  network  storage,  and  uses  a  stan¬ 
dard,  Unix-type  Message  Transfer  Agent 
(MTA)  to  provide  a  broader  choice  of 
archiving  and  filtering  software  than  is 
supported  by  the  native  Exchange  MTA. 

PostPath  Server  runs  the  Microsoft 
LoadSim  tool,  which  simulates  Outlook 
clients  hitting  the  server.  Users  run  the 
tool  to  test  FostPath’s  performance  against 
that  of  Exchange.  The  company  claims 
a  10-fold  performance  boost  over  Ex¬ 
change  running  on  the  same  hardware. 

Pricing  has  not  been  set  but  will 
include  a  charge  for  the  server  and  a  per- 
seat  charge.  There  will  be  no  mailbox 
charge  or  client  access  licensing  for 
devices  connecting  to  Outlook  or  the 
server  itself.  ■ 


Accidental 

exposure 

According  to  Ponemon 
Institute,  in 

75% 

of  reported  data  security 
breaches,  the  most  common 
cause  is  unintentional 
user  error. 
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Dlete  network  visibility. 

's  more  frustrating  than  the  phrase 
in  my  wireless  router  from  home." 


Introducing  InterpretAir™  WLAN  Survey  and 
EtherScope™  Wireless  Network  Assistant  — 
everything  you  need  to  plan,  install,  troubleshoot  and 
manage  your  network.  An  efficient,  secure  and  effective 
wireless  network  doesn't  just  happen.  It  requires  a  good 
deal  of  pre-deployment  planning,  careful  installation, 
effective  troubleshooting  and  prudent  management.  That's 
why  we  offer  two  powerful  products.  InterpretAir  software 
reduces  overall  deployment  cost  by  carefully  mapping 
optimal  access  point  placement  using  graphical  site 
maps.  As  for  EtherScope  Wireless,  it's  the  first  802.11 
a/b/g  wireless  and  gigabit  wired-side  analysis  tool  that's 
compact  and  easy  to  carry  with  you.  Two  network  tools 
that  are  not  only  indispensable  for  planning  and  deploy¬ 
ment,  but  for  spotting  security  risks,  too.  Including  those 
created  both  innocently  and  not-so-innocently. 


To  learn  more  about  these  products  and  visit  our 
Wireless  Lifecycle  Management  Solution  Center,  go 
to  www.flukenetworks.com/wireless. 
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NeuStar  GEO  touts  DNS,  VoIP  plans 


NeuStar,  the  provider  of  telephone  and  Internet  directory 
services  to  the  telecom  industry,  is  on  a  roll.  In  February, 
the  Sterling,  Va.,  company  reported  eye-popping  finan¬ 
cials  for  2005,  with  revenue  up  4  7%  and  net  income  up 
22%.  In  April,  NeuStar  purchased  UltraDNS,  which  offers 
managed  DNS  services  to  leading  Web  sites,  such  as 
Amazon.com  and  Match.com.  Meanwhile,  NeuStar  is 
developing  a  service  designed  to  ease  VoIP  integration  issues  for  carriers. 
Network  World  Senior  Editor  Carolyn  Duffy  Marsan  recently  interviewed  Jeff 
Ganek,  chairman  and  CEO  of  NeuStar,  about  these  developments.  Here  are 
excerpts  from  their  conversation. 

How  does  UltraDNS  fit  in  NeuStar's  strategy? 

It  turns  out  that  our  products  are  very  similar.  All  networks  in  North  America 
depend  on  NeuStar  for  routing  voice  calls.  Internet  and  IP  networks  depend  on 


UltraDNS  for  routing  DNS  messages.  We  do  the  same  things:  We  are  both  trusted 
clearinghouses  of  directory  services  for  all  networks. 

What  are  your  plans  for  UltraDNS'  technology  and  staff? 

All  of  the  senior  management  are  staying.  NeuStar’s  reason  for  buying  UltraDNS  is 
that  it  is  a  very  strong  organization. They  have  great  technology  and  operations. 
They  run  their  systems  in  a  highly  reliable  fashion  24  by  7,  and  they  have  a  sales 
organization  that’s  producing  great  growth.  We  fully  intend  to  keep  all  the  employ¬ 
ees.  And  we  expect  to  expand  the  operation.  We  think  they  can  exceed  beyond 
what  they  are  already  achieving. 

What  plans  do  you  have  for  new  services  from  UltraDNS? 

UltraDNS  expands  NeuStar’s  capabilities  in  DNS  and  IRTogether,  NeuStar  and 
UltraDNS  are  the  routing  directories  for  more  than  25  top-level  domains,  including 
.org,  .biz,,  .us  and  .mobi. Together,  1  expect  we  will  be  as  essential  to  IP  traffic  as 
NeuStar  is  to  all-voice  traffic  in  North  America.  We  already  have  products  that 

See  Ganek,  page  33 


Short  Takes 


■  MegaPath  Networks  and  Netifice 

Communications  said  last  week  that 
they  have  completed  the  merger  of  their 
companies  announced  in  February.  The 
joined  companies  have  more  than  $125 
million  in  revenue.  Both  offer  managed 
VPN  and  other  IP  services  to  business 
users  around  the  world.  Netifice  cus¬ 
tomers  include  The  Leather  Factory, 
MortgagelT  and  Thomson  Prometic. 
MegaPath's  customers  include  Jenny 
Craig,  Radio  Shack  and  insurance  com¬ 
pany  UnumProvident.  The  merged  com¬ 
pany  will  use  the  MegaPath  name.  Craig 
Young,  chairman  and  CEO  at  Netifice,  will 
serve  as  CEO.  MegaPath's  former  CEO 
Brian  Service  left  the  company. 

■  BellSouth  last  week  announced  a 
guarantee  for  business  broadband  ser¬ 
vice  installation.  The  carrier  now  offers 
an  installation  guarantee  of  five  days 
instead  of  15  for  customers  of  its  Bell¬ 
South  FastAccess  Business  DSL  service. 
BellSouth  says  it  also  offers  a  credit 
guarantee  equivalent  to  three  days  of 
monthly  recurring  charges.  BellSouth 
says  it  has  more  than  345,000  small-busi¬ 
ness  customers  for  its  FastAccess 
Business  DSL  service. 


The  Greeks  can  take  credit  for  plenty  of 
firsts,  starting  with  modern  civilization, 
democracy,  mathematics  and  philosophy 
Here’s  another  they  might  not  be  in  such  a 
hurry  to  claim:  the  first  known  example  of 
illegal  wiretapping  of  phone  calls  using 
legally  installed  software. 

No,  I’m  not  making  this  up.  I  even  pre¬ 
dicted  it:  A  few  weeks  back  I  wrote  a  col¬ 
umn  highlighting  the  dangers  of  govern¬ 
ment-mandated  built-in  wiretapping  (see 
www.nwdocfinder.com/3435).  As  I  wrote 
then, “Building  networks  that  are  inherently 
‘tapable’  seems  to  me  to  be  fundamentally 
bad  security  design,  because  anything  the 
good  guys  can  do,  the  bad  guys  can  do,  too.” 

It  seems  they  already  have.  Earlier  this 
year,  news  broke  that  unnamed  bad  guys 
had  been  wiretapping  the  Vodafone  cel¬ 
lular  network  in  Greece  from  just  before 
the  Athens  Olympics  in  August  2004  until 
March  2005.  Targets  reportedly  included 
Greek  Premier  Costas  Caramanlis,  the 
major  of  Athens  and  senior  state  security 
officials  —  along  with  senior  military 


Wiretapping  gone  awry 


officers,  human  rights  activists,  journal¬ 
ists,  Arab  businessmen  and  the  United 
States  Embassy.  The  leak  was  ultimately 
traced  to  software  installed  in  the 
switches  to  enable  the  lawful  intercept 
of  traffic,  which  had  been  hijacked  by 
rogue  programmers. 

That’s  right:  Ericsson  put  wiretapping  soft¬ 
ware  in  its  switches  to  comply  with  legal 
requirements  —  and  the  bad  guys  used  it  in 
decidedly  illegal  ways.  What  a  surprise. 

As  you  might  expect,  plenty  of  finger¬ 
pointing  has  ensued.  Vodafone  blames 
Ericsson, saying  it  had  no  idea  the  switches 
contained  wiretapping  software  —  a  claim 
adamantly  denied  by  Ericsson’s  Greek  CEO, 
Bill  Zikou,who  maintains  that  Ericsson  pro¬ 
vided  all  relevant  details  about  the  switch¬ 
es’  capabilities  to  Vodafone  management 
and  says  the  responsibility  to  protect  sub¬ 
scribers  was  with  Vodafone. 

And  everybody  blames  the  Greek  govern¬ 
ment  for  failing  to  expose  and  remediate 
the  situation  in  a  timely  fashion.  As  a  jour¬ 
nalist  pointed  out  during  a  briefing  by  the 
Greek  government  earlier  this  year  (well 
over  a  year  after  the  event):“lt  isn’t  the  gov¬ 
ernment  that  made  it  public  —  it  was  the 
CEO  of  Vodafone.”  (For  a  partial  transcript  of 
this  briefing  and  other  informative  details, 


check  out  www.nwdocfinder.com/3436.) 

Disturbingly  nobody  seems  quite  sure  of 
the  culprits’ identities,  let  alone  their  motives 
(though  the  selection  of  targets  seems  to 
clearly  imply  political  aims).  In  one  of  the 
funnier  moments  during  the  whole  episode, 
the  Greek  government  initially  denied  the 
possibility  the  culprits  could  be  Greek,  on 
the  theory  that  Greek  geeks  lack  the  techni¬ 
cal  knowledge  necessary  to  pull  off  such  a 
sophisticated  hack  —  surely  news  to  the 
many  world-class  computer  scientists  and 
engineers  who  hail  from  Hellas. 

So  here’s  the  thing:  As  I  noted  previously, 
law  enforcement  agents  need  the  tools  to 
do  their  jobs.  But  building  “tapability”  into 
networks  isn’t  the  way  to  make  that  hap¬ 
pen.  Whether  you’re  more  concerned 
about  unauthorized  government  intrusion 
or  attacks  by  criminally  minded  geeks 
(and  history  suggests  you  should  fear 
both),  embedding  tapability  into  the  net¬ 
work  is  a  bad  idea. 

Too  bad  we’ve  codified  this  particular 
bad  idea  into  our  law. 

Johnson  is  president  and  senior  founding 
partner  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


* 


re  convergence  is  the  path  to  greater  harmony  and  sustained  growth 

&T  enables  James  to  integrate  voice,  data  and  video  onto  one  global 
countries.  So  his  company's  applications  run  more  efficiently  around 
nessOirec-t;  James  gains  not  only  the  control  and  visibility  of  his  entire 
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Ganek 

continued  from  page  31 

NeuStar  has  announced  that  are  com¬ 
plemented  by  UltraDNS  offerings.  One 
great  example  is  SIP-IX.  NeuStar  an¬ 
nounced  SIP-IX  in  the  fourth  quarter  of 
last  year.  SIP-IX  is  a  standard  that  has 
been  accepted  by  all  the  players  in  the 
industry  as  essentially  the  signaling  and 
administrative  function  forVolPand  we 
think  it  is  a  groundbreaking  offering. The 
existing  UltraDNS  infrastructure  —  their 
global  DNS  network  —  is  a  strong  plat¬ 
form  for  the  distribution  and  accessi¬ 
bility  of  SIP  services. 

What  is  the  status  of  SIP-IX  in  the  United 
States? 

SIP  is  going  to  be  to  the  Internet  what 
Signaling  System  7  [SS7]  has  been  to  the 
voice  world.  We’ve  been  the  lead  propo¬ 
nent  of  SIP-IX,  and  we’ve  been  participat¬ 
ing  at  the  IETF  in  its  definition.  We’ve  cre¬ 
ated  a  platform  that  provides  a  broad 
range  of  SIP  functions,  and  we  signed 
exclusive  agreements  with  Internet 
exchange  points  around  the  globe  to 
exclusively  put  NeuStar’s  SIP-IX  platform 
in  their  data  centers  to  make  SIP  func¬ 
tionality  available  by  the  transaction  to 
any  and  all  networks  that  converge  at 
those  network  exchange  points.  Internet 
exchange  points  that  handle  more  than 
70%  of  the  world’s  Internet  traffic  have 
signed  on  to  NeuStar’s  SIP-IX  platform. 


BY  DENISE  PAPPALARDO 

AT&T  CEO  Ed  Whitacre  last  week  talked 
up  the  carrier’s  plans  to  reach  more  users 
with  broadband  services  whether  they  live 
in  a  metropolitan  or  rural  area. 

In  a  speech  at  the  Detroit  Economic 
Club,  Whitacre  said  AT&T  will  introduce  a 
new  satellite  service,  expand  its  fixed-wire¬ 
less  trials  and  commit  to  delivering  the 
carrier’s  Project  Lightspeed  IP  video  ser¬ 
vice  to  more  than  5.5  million  low-income 
households  within  three  years. 

AT&T  is  teaming  with  WildBlue  to  offer 
satellite-based  broadband  Internet  access 
service  in  select  rural  markets  in  SBC’s  13- 
state  local  serving  areas  where  DSL  is  not 
available. The  service,  which  will  be  called 
AT&T  High  Speed  Internet  Access,  pow¬ 
ered  by  WildBlue,  is  expected  to  be  avail¬ 
able  later  this  month. 

The  service,  which  will  support  as 
much  as  1.5Mbps  downstream  and  as 
much  as  256Kbps  upstream,  will  cost 
between  $50  and  $80  per  month  depend¬ 
ing  on  bandwidth  options. 


What  will  SIP-IX  mean  to  enterprises? 

Large  enterprises  have  very  complex  IP 
links  all  around  the  world  provided  by 
different  ISPs.The  SIP-IX  platform, 
because  it  is  positioned  in  the  Internet 
exchange  points,  is  accessible  to  all  the 
ISPs.  So  every  enterprise,  whether  they 
own  their  own  transport  facilities  and 
connect  directly  to  the  ISP  or  whether 
they  use  a  network  provider,  can  get  com¬ 
patible,  worldwide  end-to-end  SIP  func¬ 
tionality  across  their  own  transport  facili¬ 
ties  and  across  those  of  all  the  ISPs  within 
their  corporate  enterprise  networks. 

When  will  SIP-IX  be  commercially  available  in 
the  United  States? 

It’s  on  a  trial  basis.  It’ll  be  operational 
before  the  end  of  June. 

What  is  the  status  of  NeuStar's  work  in  Enum 
(an  emerging  standard  that  translates  tele¬ 
phone  numbers  into  corresponding  Internet 
addresses)? 

NeuStar  has  an  Enum  capability  up  and 
operating  today.  It’s  going  to  be  a  feature 
on  the  SIP-IX  platform, so  it’s  easily  acces¬ 
sible  to  all  enterprises,  all  carriers  and  all 
ISPs.  Frankly,  we’re  just  waiting  for  the 
market  to  catch  up  with  the  technology 
and  the  product  that’s  available  today. 

How  does  the  UltraDNS  acquisition  position 
NeuStar  against  VeriSign? 

We  rarely  compete  against  VeriSign. 
VeriSign  is  a  large  customer  of  ours.They 


AT&T  is  conducting  fixed  wireless  trials 
in  Alaska,  Atlanta,  Middletown,  N.J.,  and 
Rotterdam,  the  Netherlands.  The  carrier 
says  it  will  start  new  WiMAX  trials  this  sum¬ 
mer  in  Pahrump,  Nev.,  and  Red  Oak  and 
Midlothian,  Texas.  The  trial  in  Nevada  will 
use  licensed  spectrum,  and  the  trial  in 
Texas  will  use  unlicensed  spectrum. 

The  service  provider  plans  to  offer  the 
trial  service  to  residential  and  small  busi¬ 
ness  customers  supporting  384K  to 
1.5Mbps  downstream  and  128K  to 
384Kbps  upstream. 

Whitacre  also  restated  the  company’s 
plan  to  offer  its  Project  Lightspeed  video 
service  in  41  markets  within  three  years. 
The  company  also  is  committed  to 
reaching  low-income  households,  as 
identified  by  the  U.S.  Census  Bureau. 
AT&T  is  building  its  own  IP  video  net¬ 
work  in  these  41  markets. 

AT&T  says  it  plans  to  spend  $4.6  billion 
on  Project  Lightspeed  by  the  end  of 
2008  to  reach  19  million  homes  with  its 
initial  deployment.  ■ 


bought  llluminet.a  large  SS7  provider, 
and  NeuStar’s  local  number  portability  is 
the  killer  application  of  the  SS7  network. 
VeriSign  doesn’t  do  any  of  the  telephone 
number  directory  work  that  we  do.  In  the 
DNS  space,  they  do  .com  and  .net.  We  do 
different  domains,  but  we  don’t  compete 
with  each  other.  We  have  similar  opera¬ 
tions,  but  our  DNS  directory  is  four  or 
five  times  larger  than  VeriSign’s. 

Does  NeuStar  have  any  other  acquisitions 
planned? 

The  market’s  need  for  directory  ser¬ 
vices  is  growing  very  quickly,  and  to  the 
extent  that  market  needs  require  it,  we 
intend  to  expand  the  clearinghouse  ser¬ 
vices  that  we  provide.  Mergers  and 
acquisitions  are  a  great  way  to  do  that. 

NeuStar  acquired  Foretec  in  December  and 
took  over  the  secretariat  function  for  the 
IETF.  How  is  that  going? 

We  think  it  is  going  very,  very  well. 
That’s  the  feedback  we  get  from  the 
IETF  NeuStar  is  all  about  open  stan¬ 
dards.  We  are  all  about  the  work  that 
happens  at  the  IETF  to  establish  the 
technical  foundation  that  allows  for 
interoperability. The  IETF  needed  help  in 
doing  the  secretariat  work  —  the  admin¬ 
istrative  work  of  the  regular  IETF  meet¬ 
ings  and  the  background  paperwork  — 
and  NeuStar  is  happy  to  step  up  and  do 
that,  because  it’s  another  dimension  of 
how  we  are  dedicated  to  operating  as  a 
neutral  third  party  between  rivalrous 
network  providers.  Foretec  is  a  small 
business.  It’s  not  an  entity  that  is  going 
to  provide  material  growth  or  profits. 

But  it  is  a  critical  function  that  the 
industry  needs,  and  NeuStar  is  doing  it 
in  that  light. 

How  do  you  explain  NeuStar's  financial  suc¬ 
cess  given  the  overall  weakness  in  the  U.S. 
telecom  industry? 

It  turns  out  that  networks  are  using 
[our  product]  for  more  purposes  than 
any  of  them  had  anticipated.  Despite  the 
fact  that  we  have  lowered  our  prices  sev¬ 
eral  times,  volumes  of  their  usage  have 
continued  to  exceed  NeuStar’s  projec¬ 
tions.  What  was  originally  a  local-number 
portability  directory  put  in  place  so  end 
users  could  keep  their  telephone  num¬ 
bers  when  they  moved  is  now  a  dy¬ 
namic  call-routing  system  that  network 
operators  use  to  manage  the  architec¬ 
tures  of  their  networks.  So  every  time 
there  is  a  change  in  the  technology  of 
the  network  —  such  as  going  from  the 
old  voice  to  the  new  IP  technology  — 
every  time  there’s  a  larger  merger  and 
acquisition  among  the  telcos,  every  time 
there’s  a  change  in  the  architecture  of 
the  menu  of  end  user  services  that  the 
carriers  are  offering,  the  carriers  rely  on 
NeuStar  to  reconfigure  their  networks. 

All  of  that  drives  very  high  volumes.  ■ 


AT&T  pitches  alternatives 
to  fill  in  broadband  gaps 


Dynamic 

Networking. 

Delivered. 

Dynamic  Networking  from 
AT&T  is  a  comprehensive 
approach  to  optimizing 
business  performance 
including  the  Services  and 
intelligence  of  a  converged 
networking  environment. 

Converged  networking 
delivers: 


High-performing 
business  applications  for 
greater  value,  efficiency 
and  productivity. 

Information  delivered 
faster  to  the  people 
I  who  need  it  —  decision 
makers,  sales,  customers 
and  suppliers  —  for 
increased  collaboration 
and  responsiveness. 


1 


Improved  control  across 
all  activities  in  the 
organization  to  identify 
changing  circumstances 
and  adjust  network 
performance  in  response. 

One  global  IP  network 
that  reaches  127  countries 
for  flexible  growth. 


Learn  how  Dynamic 
Networking  can  enable 
your  enterprise  by 
downloading  the  white 
paper  series,  Convergence, 
A  Four  Point  Framework,  at 
att.com/networkina.  :  % 
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VeriSign  intelligent  infrastructure  at  work 
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Deliver  ringtones,  pictures, 
'  and  games  that  provide  a  r 
rffbbile  content  experience 


"■'2006  VeriSign,  Inc.  All  rights  reserved.  VeriSign.  the  VeriSign  logo,  "Where  it  all  comes  together,"  and  other  trademarks,  service  marks, 
and  designs  are  registered  or  unregistered  trademarks  of  VeriSign  and  its  subsidiaries  in  the  United  States  and  in  foreign  countries. 


Every  day,  VeriSign  intelligent  infrastructure  services  enable  and  protect  all  kinds  of  interactions  over 
the  world’s  voice  and  data  networks,  helping  to  drive  a  dramatic  transformation  in  the  way  people 
work,  play,  and  live.  That’s  why  today’s  global  carriers,  service  providers,  media  companies,  and  portals 
are  relying  on  VeriSign  to  integrate  communications,  commerce,  and  content  into  a  single,  seamless 

experience  for  their  customers.  VeriSign:"  Where  it  all  comes  together.™ 


Get  to  market  faster  with 
next-generation  voice  and 
managed  services. 


www.verisign.com/intelligence 

Download  the  free  white  paper  on  intelligent  infrastructure  services. 


VeriSign 
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Edge  router  market  invites  more  players 


The  multiservice  market 


The  ability  to  combine  disparate,  service-specific  networks 
is  one  of  the  drivers  behind  demand  for  edge  routers. 
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Carriers  are  required  to  operate,  maintain 
and  support  three  distinct  networks  for  IP, 
ATM  and  SONET  traffic. 
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Multiservice  edge  routers  enable  carriers  to  decrease 
operational  costs  by  consolidating  Layer  2/3  networks 
and  the  devices  required  to  access  them. 


BY  JiM  DUFFY 

hree  trends  are  dri¬ 
ving  the  edge  router 
market:  IP  TV  carrier 
Ethernet  and  multi¬ 
service  networking. 

These  are  also  the  reasons 
that  the  edge  router  market 
is  expected  to  grow  21% 
this  year  to  just  less  than 
$3.2  billion, the  same  rate  of 
growth  for  2005,  according 
to  the  Dell’Oro  Group. 

Edge  routing  is  crucial  in 
IP  TV  for  Ethernet  and 
broadband  aggregation, 
and  IP  services  delivery. 

Ethernet  and  broadband 
aggregation  routers  collect 
thousands  of  Ethernet  and 
DSL  access  feeds  from  sub¬ 
scribers  for  connection  to 
IP  TV  content. 

IP  service  edge  routers 
personalize  those  connections  by  identify¬ 
ing  the  subscriber  and  implementing  video 
subscription  policies  and  preferences  to 
the  user/content  interaction. 

“Video  is  such  a  big  bandwidth  sucker 
that  it’s  really  forced  [carriers]  out  of  a 
mind-set  of  incremental  change  to  their 
networks,  to  network  transformation  in  the 
aggregation  and  transport  areas,”  says  Mark 
Seery  vice  president  of  IP  service  infra¬ 
structure  research  at  RHK/Ovum. 

This  is  where  Alcatel  has  made  the  most 
inroads  in  edge  routing.  AT&T  chose 
Alcatel  as  a  supplier  and  integrator  for  the 
carriers  Project  Lightspeed  fiber-to-the- 
node  buildout,  which  will  support  IP  TV 
and  other  broadband  applications. 

Alcatel’s  share  of  the  IP  aggregation  seg¬ 
ment  in  edge  routing  rose  from  9.2%  in  the 
second  quarter  of  2005  to  25.6%  in  the 
fourth  quarter,  according  to  Synergy  Re¬ 
search,  caused  largely  by  Project  Light- 
speed  and  other  IP  TV  buildouts. 

Ethernet  service  delivery  to  enterprises  is 
another  key  growth  niche  for  edge  routers. 
According  to  lnfonetics  Research,  world¬ 
wide  Ethernet  service  revenue  was  up 
132%  to  $5.9  billion  in  2005  and  is  expected 
to  jump  280%  between  2005  and  2009. 

That  will  spur  plenty  of  sales,  lnfonetics 
now  trades  a  new  segment  of  service  pro¬ 
vider  product  specifically  for  Ethernet  ser¬ 
vice  delivery  and  aggregation  applications: 
the  carrier  Ethernet  switch  router  (CESR). 

CESR  sales  are  expected  to  more  than 


double  to  $5  billion  from  2005  to  2009,  as 
carriers  become  increasingly  reliant  on 
Ethernet  to  transport  IP  traffic  in  their  net¬ 
works,  according  to  lnfonetics. 

“What  we’re  seeing  there  is  the  desire 
from  a  customer  standpoint  to  do  more 
than  just  plain-Jane  best-effort  Ethernet,” 
says  Mike  O’Malley,  group  manager  of  port¬ 
folio  marketing  at  Teliabs.  “The  realization 
is  that  I  want  to  differentiate  my  Ethernet 
offering  with  the  same  type  of  [service- 
level  agreements]  that  I  can  offer  today  on 
ATM  in  order  to  capture  that  additional 
price  premium  from  . . .  quality  of  service 
guarantees.” 

But  the  forte  of  Teliabs’  8800  multiservice 
router  is  just  that  —  multiservice  routing. 
Multiservice  routing  entails  aggregation 
and  provisioning  of  multiple  Layer  2  data 
services  —  Ethernet,  frame  relay  ATM  and 
private  line  —  for  enterprise  service  trans¬ 
port  or  delivery  over  an  IP/MPLS  core. 

The  selling  point  for  carriers  is  that  they 
can  consolidate  multiple  overlay  net¬ 
works,  each  dedicated  to  one  service,  into 
a  single  converged  network  supporting 
multiple  services.  Not  only  is  this  easier  for 
a  service  provider  to  manage,  but  it 
reduces  capital  and  operating  expendi¬ 
tures  —  money  that  could  reduce  the  cost 
of  telecom  services  for  enterprises  or  be 
invested  back  into  the  carrier  network  for 
additional  service  rollouts. 

The  Teliabs  8800  is  a  key  component  of 
Verizon  Business’  (the  former  MCI)  Con¬ 


verged  Packet  Access  edge  architecture. 

Another  application  where  the  Teliabs 
8800  is  finding  traction  is  wireless  aggrega¬ 
tion  and  backhaul  —  the  practice  of  taking 
traffic  beyond  its  destination  and  then  back 
to  it  in  order  to  reduce  expense  or  accom¬ 
modate  changing  transmission  patterns.  As 
more  users  access  content  from  their  hand¬ 
held  devices,  PDAs  and  cell  phones,  wire¬ 
less  becomes  just  another  access  technol¬ 
ogy  to  support  at  the  edge  for  transport  and 
delivery  of  content  through  the  core. 

lnfonetics  says  wireless  backhaul  will  be 
one  of  the  hottest  market  segments  over 
the  next  five  years.  The  firm  recently  sur¬ 
veyed  29  incumbent  local  exchange  carri¬ 
ers,  interexchange  carriers,  ISPs  and  com¬ 
petitive  LECs.  More  than  50%  offer  mobile 
voice  and  data  services,  and  of  these  73% 
build  their  own  transport  network  to  do 
the  backhauling. 

This  was  one  of  the  factors  that  prompt¬ 
ed  Nortel  to  exit  the  multiservice  inter¬ 
working  market  for  its  MPE  9000  edge  rout¬ 
ing  in  favor  of  wireless  backhaul  and  VoIP 
Another  factor  was  that  Nortel,  by  its  own 
admission,  is  not  a  leading  vendor  in  the 
carrier  data  service  market. 

Redback  is  one,  though,  specifically  in 
DSL/broadband  aggregation.  The  compa¬ 
ny’s  revenue  in  edge  routers  ranging  from 
2.5Gbps  per  slot  to  lOGbps  per  slot  more 
than  doubled  from  2004  to  2005,  from  $44.9 
million  to  $91.9  million,  Dell’Oro  says. 

Redback  says  customers  are  now  looking 


at  the  company’s  SmartEdge 
routers  for  more  than  broad¬ 
band  aggregation. 

“Everyone,  without  excep¬ 
tion,  is  building  or  at  least 
thinking  of  deploying  a  new 
IP  edge  network  that  sup¬ 
ports  multiple  services  at  a 
single  IP  edge,”  says  Marco 
Wanders,  chief  marketing 
officer  at  Redback.  “The  way 
that  routers  need  to  handle 
traffic  is  fundamentally  differ¬ 
ent  than  what  it  used  to  be. 
Routers  have  always  been 
designed  to  do  either  busi¬ 
ness  services  or  a  single  con¬ 
sumer  service  [such  as] 
Internet  access.  Right  now, 
routers  need  to  be  support¬ 
ing  multiple  services  at  the 
same  time.” 

A  key  component  of  enab¬ 
ling  multiple  services  from  a 
single  IP  edge  architecture  is  virtual  rout¬ 
ing,  Wanders  says.  Virtual  routing  lets  ser¬ 
vice  providers  partition  and  isolate  public 
and  private  services  in  a  single  router  into 
separate  physical  and  logical  routing 
domains.  This  allows  them  to  also  sepa¬ 
rate  traffic  in  a  single  router. 

Redback’s  latest  instantiation  of  virtual 
routing  is  housed  in  the  SmartEdge  100, 
which  debuted  in  March.  The  SmartEdge 
100  is  intended  to  enable  the  delivery  of 
residential  tripleplay  broadband  services, 
including  VolR  real-time  video  and  content 
delivery,  and  business  Ethernet  services 
such  as  MPLS-  and  Virtual  Private  LAN  Ser- 
vicebased  VPNs. 

The  router,  a  scaled-down  version  of 
Redback’s  SmartEdge  400  and  800  models, 
is  designed  for  new  network  deployments, 
such  as  wireless  network  aggregation  and 
backhaul,  and  multitenant  units,  such  as 
university  dormitory,  hospitality,  healthcare 
and  government  organizations. 

With  a  variety  of  applications  and  require¬ 
ments,  the  market  for  edge  routers  remains 
healthy  —  so  much  so  that  Alcatel,  Teliabs 
and  Redback  are  making  inroads  and  open¬ 
ing  the  market  to  more  players  than  just  the 
duopoly  of  Cisco  and  Juniper. 

“We’re  seeing  a  continual  movement 
toward  converging  networks  together,  but 
the  competition  hasn’t  changed,”  Teliabs 
O’Malley  says.The  customer  that  can  deliv¬ 
er  the  same  services  most  efficiently  is 
going  to  win.”B 
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Agents  can  now  access  expertise  from  virtually  any  employee  with  Nortel's  Expert  ;  vv 
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Anywhere.  Giving  customers  the  answers  they're  looking  for  on  first  contact.  That's 


why  we  are  trusted  to  answer  more  than  200  million  customer  calls  per  day  worldwide. 
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Business  Made  Simple,  Nortel,  the  Nortel  logo,  and  the  Globemark  are  trademarks  of  Nortel  Networks. 
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REPELS  INTRUDERS, 
EMBRACES  SIP  PROTOCOL 


shouldn’t  create  security  issues  for  your  business.  It  since  encryption  is  a  standard  feature,  it  is  impossible  for  anyone  to  intercept 

hat’s  why  the  Zultys  MX250  IP  PBX  runs  on  sensitive  communications.  Best  of  all,  the  Zultys  MX250  does  all  this 

a  real-time  Linux  operating  system  that  is  straight  out  of  the  box.  To  learn  more  about 

secure  and.  not  vulnerable  to  attack.  And,  adding  secure  VoIP,  access  www.zultys.com/nw. 


VoIP  vs.  VolQ 
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Security  analyzers  target  vulnerabilities 


HOW  IT  WORKS:  Security  analyzers 

A  security  analyzer  emulates  hacking  to  discover  vulnerabilities  in  network 
applications  and  devices. 


O  The  security  analyzer  subjects  the  target  under  analysis  to  an  onslaught  of  attacks  that  abuse 
standard  protocols. 

B  The  analyzer  then  constantly  monitors  and  assesses  behavior  of  the  target  under  analysis. 

B  The  analyzer  creates  a  detailed  audit  trail  of  problems  or  anomalies  for  later  analysis  or  remediation. 

□  When  necessary,  the  analyzer  automatically  resets  the  target  under  analysis  via  the  command  line 
interface  or  by  cycling  its  power. 


BY  KOWSIK  GURUSWAMY 

Protocol  abuse  targets  vulnerabilities  in 
many  types  of  devices  and  applications, 
from  firewalls,  VoIP  controllers  and  VPN 
gateways  to  intrusion-prevention  systems 
and  other  perimeter  defense.  Despite  the 
considerable  investments  made  in  secu¬ 
rity  infrastructure,  many  vulnerabilities 
remain  undetected. 

To  alleviate  protocol  abuse,  a  new  class  of 
product  —  the  security  analyzer  —  can 
help  IT  departments  assess  the  security  of 
IP-based  products,  service  or  applications. 
A  security  analyzer  utilizes  a  rigorous  pro¬ 
cess,  complete  with  an  audit  trail  and  reme¬ 
diation  scripts, to  find  and  fix  vulnerabilities 
before  deploying  systems  and  software  into 
production  networks. 

A  security  analyzer  connects  to  a  sys¬ 
tem  and  emulates  hacking  by  generaliz¬ 
ing  techniques  hackers  employ  and 
applying  these  as  a  comprehensive  set  of 
protocol  attack  vectors  in  a  systematic, 
repeatable  fashion.  Unlike  source  code 
analyzers  and  vulnerability  assessment 
tools,  security  analyzers  can  be  used  by 
nonexperts  to  assess  systems  and  appli¬ 
cations  in  a  lab  environment. 

Security  analyzers  detect  known  and  un¬ 
known  zero-day  vulnerabilities  by  subject- 


Got  great  ideas? 


■  Network  World  's  looking  for  great  ideas 
for  future  Tech  Updates.  If  you've  got  one, 
and  want  to  contribute  it  to  a  future  issue, 
contact  Senior  Managing  Editor,  Features  Amy 

Schurr  (aschurr@nww.com). 


ing  the  target  system  or  software  to  many 
permutations  and  combinations  of  proto¬ 
col  abuse  attacks.  To  analyze  for  unknown 
vulnerabilities,  maximum  protocol  abuse  is 
achieved  through  extremes  of  valid,  invalid 
or  unexpected  inputs  that  violate  the  pro¬ 
tocol’s  specifications.  Examples  of  these  ex¬ 
tremes  include  formatting  a  fields  type, 
length  or  value  incorrectly  inserting  illegal 
characters  and  adding  trailing  blanks. 

The  key  to  finding  protocol  vulnerabilities 
is  understanding  a  protocol’s  potential 
weak  spots.  Comprehensive  coverage  is  crit¬ 
ical  because,  just  as  the  failure  of  a  single 
part  can  cause  an  airplane  to  crash,  a  single 
protocol  vulnerability  can  expose  an  entire 
network  to  attack.  But  to  be  truly  effective, 
security  analyzers  must  also  operate  effi¬ 
ciently  with  a  finite  and  well-conceived  set 
of  protocol  attack  vectors. 

A  security  analyzer  subjects  the  target  sys¬ 
tem  or  application  to  a  large  number  of 
attacks  —  potentially  millions.  During  this 
onslaught,  the  state  of  the  target  is  continu¬ 
ously  monitored.  Details  about  any  anom¬ 
aly  or  unexpected  result  are  logged  in  a 
database  that  provides  a  complete  audit 
trail  to  establish  baselines  and  historical 
regressions  that  are  useful  when  comparing 
products,  releases  or  configurations.  An 
analyzer  also  can  create  a  self-extracting 
Linux-based  executable  file  capable  of  rep¬ 
licating  the  exact  attack  for  each  vulnera¬ 
bility.  This  file  then  can  be  shared  with  the 
vendor  or  development  team  to  expedite 
the  remediation  effort. 

When  the  target  under  analysis  fails  or 
locks  up  (the  intended  result  of  many 
hacker  attacks),  the  security  analyzer 
issues  a  reset  command  through  an  out-of¬ 


band  channel.  If  this  fails,  the  analyzer  re¬ 
boots  the  target  system  by  cycling  its 
power  off  and  on  again.  Such  automated 
controls  allow  the  full  security  analysis  to 
be  completed  while  unattended,  poten¬ 
tially  overnight. 

The  ability  to  pinpoint  vulnerabilities  in  a 
stand-alone  system  or  application  provides 
a  practical  way  to  compare  competitive 
product  offerings,  possibly  against  a  bench¬ 
mark,  before  making  a  purchase  decision. 
Additional  post-purchase  applications  in¬ 
clude  alerting  the  vendor  to  a  vulnerability 
and  assisting  with  the  remediation  effort, 
verifying  patches  or  profiling  new  releases 
as  part  of  a  change  management  process, 


and  evaluating  and  contrasting  specific  sys¬ 
tem  configurations.  An  analyzer  also  can 
assess  the  effect  of  changes  in  the  enter¬ 
prise  security  policy  evaluate  internally 
developed  software  for  vulnerabilities,  and 
perform  complete  security  audits. 

Security  analyzers  will  enable  IT  depart¬ 
ments  to  minimize  vulnerabilities  —  and 
their  costly  consequences  —  throughout 
enterprise  networks  without  increasing  the 
budget  for  defense-in-depth  protections  or 
security  consulting. 

Guruswamy  is  co-founder  and  CTO  of  Mu 
Security.  He  can  be  reached  at  kowsik@muse 
curity.com. 


Ask  Dn  Internet  By  Steve  Blass 


We  use  the  directory  index  listing  feature  to 
display  the  directory  of  our  document  archive 
on  an  Apache  Web  server.  Long  file  names  are 
getting  chopped  off  by  Apache  in  the  gener¬ 
ated  Web  pages.  Can  we  configure  the  server 
to  show  the  entire  file  names  in  directory 
index  listing  pages? 

Yes  —  Apache  Versions  1.3.2  and  later  can  use  con¬ 
figuration  directives  provided  by  the  mod_autoindex 


module  to  customize  the  appearance  of  automatically 
generated  directory  index  listings.  To  do  this,  use  the 
NameWidth  option  available  as  part  of  the 
IndexOptions  directive,  This  directive  can  be  used  in 
the  main  server  configuration  file,  a  virtual  host  or 
directory  configuration  section,  or  in  a  directory-level 
htaccess  file.  Place  a  line  in  your  configuration  that 
looks  like  “IndexOptions  NameWidth=*".The  asterisk 
is  a  wild  card  that  tells  Apache  to  give  as  much  space 
to  the  file  name  column  as  needed  to  show  the 


longest  file  name  in  the  list.  You  can  set  a  specific 
width  by  replacing  the  asterisk  with  the  number  of 
characters  you  want  to  use  for  the  column.  Other 
options  include  Fancyindexing  to  show  file  and  folder 
icons,  and  FoldersFirst  to  tell  Apache  to  list  folders 
above  file  names  in  directory  listings. 

Blass,  a  network  architect  at  Change@Work  in 
Houston,  can  be  reached  at  dr.internet@changeat 
work.com. 
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Color  profiles  simplified  (sort  of) 


GEARHEAD 

INSIDE  THE 
NETWORK 
MACHINE 

Mark  Gibbs 


Last  week  we  discussed  the  Lyson 
Continuous  Ink  System,  which  we 
are  very  impressed  with.  We  con¬ 
cluded  with  the  note  that  we  had 
attempted  to  fine-tune  the  output 
color  profiles  and  managed  to  screw 
them  up  royally 

A  couple  of  calls  to  Lyson’s  chief 
support  manager,  Ken  Holtane,got  us 
sorted  out.  It  turns  out  that  two  things 
were  wrong  —  Lyson’s  documenta¬ 
tion  for  OS  X  10.4  wasn’t  accurate  (to 
be  fixed  soon), and  we  had  misun¬ 
derstood  how  color  profiles  are  implemented  under  OS  X. 

Last  week,  for  a  good  reason,  we  didn’t  explain  what  color 
profiles  are.  Such  a  discussion  could  occupy  every  Gear- 
head  for  the  next  six  months  even  if  we  were  attempting  to 
cover  just  the  basics  (for  the  Wikipedia  entry  go  to  www. 
nwdocfinder.com/3437). 

For  this  reason,  we  are  going  to  simplify  the  topic:  A  color 
profile  is  the  range  of  colors  that  a  given  reproduction  sys¬ 
tem  (such  as  a  monitor  or  a  printer)  can  display  from  the 
entire  range  of  possible  colors. 

The  color  space  most  of  us  are  familiar  with  is  RGB,  or 
red,  green  and  blue,  which  is  an  additive  model  —  adding 
different  amounts  of  each  color  creates  a  specific  hue. 

The  problem  is  that  RGB  doesn’t  define  what  red,  green 
and  blue  mean.  For  that,  we  need  to  turn  to  absolute  color 
spaces, such  as  standard  RGB  (sRGB)  or  Adobe  RGB,  which 


define  exactly  the  meanings  of  each  of  the  primary  colors 
in  terms  of  the  C1E  1931  color  space  (again,  see  the  very 
good  Wikipedia  article  at  www.nwdocfinder.com/3438). 

So,  your  monitor  has  a  color  profile  that  is  peculiar.  It  is 
peculiar  not  only  to  the  brand  but  also  to  that  individual 
monitor.  If  you  set  up  your  monitor  properly  using  a  tool 
such  as  Adobe  Gamma,  which  is  installed  with  Adobe 
products  such  as  Photoshop,  then  you  will  be  creating  an 

Color  correcting  for  display 
and  print  is  a  technically 
complex  subject. 

International  Color  Consortium  (ICC)  profile. 

This  profile  provides  the  data  that  changes  the  color 
space  used  by  say  Photoshop,  into  the  color  space  of  the 
display  This  means  the  colors  shown  on  the  display  will  be 
perceptually  the  same  as  when  the  image  is  on  another  dis¬ 
play  that  has  also  been  properly  profiled. 

When  you  import,  say  a  JPEG  photograph,  it  has  its  own 
color  space  called  YCbCr,  which  is  used  for  video  systems 
(see  the  Wikipedia  entry  at  www.nwdocfinder.com/3439). 

Programs  such  as  Photoshop  have  to  translate  the  YCbCr 
color  space  into  the  color  space  they  use  (typically  sRGB 
or  Adobe  RGB  1998)  and  correct  for  the  display’s  charac¬ 
teristics  using  the  ICC  profile. 

So  far  so  good,  but  now  we  want  to  print.  Printers  such  as 
the  Canon  i9900,  which  we  discussed  last  week,  have  their 


own  color-management  systems,  and  they  know  the  char¬ 
acteristics  of  the  inks  they  are  supposed  to  use. 

But  when  you  use  different  inks, as  we  wanted  to, you  have 
to  tell  the  printer  to  mind  its  own  business  and  not  make 
any  color  corrections,  and  tell  Photoshop  what  printer  pro¬ 
file  to  use.  In  other  words,  Photoshop  has  to  translate  the 
color  space  it  is  using,  such  as  sRGB,  into  the  color  space 
that  the  printer  can  render. 

In  the  case  of  the  Lyson  Fotonic  inks  we  wanted  to  use 
with  our  Canon  i9900,  Lyson  provides  profiles  for  inks  for  a 
variety  of  paper  types, such  as  satin, gloss  and  luster.The  rea¬ 
son  for  a  profile  for  each  type  is  that  the  paper’s  reflectivity, 
ink  absorbency  and  other  optical  and  printing  characteris¬ 
tics  change  how  the  color  appears  when  printed. 

In  short  —  a  goal  that  this  column  has  completely 
failed  to  realize  —  color  correcting  for  display  and  print 
is  a  technically  complex  subject.  On  the  other  hand,  pro¬ 
viding  you  at  least  understand  how  color  workflow  oper¬ 
ates  —  that  is,  the  translation  from  one  media  to  another, 
for  a  given  combination  of  software,  printer,  ink  and 
paper  —  you  should  be  able  to  reliably  achieve  a  high 
level  of  color  fidelity. 

Let  us  know  how  you  do  by  e-mailing  gearhead 
@gibbs.com.  We  end  this  week  with  a  question:  What 
causes  Windows  to  stop  showing  the  Start  menu  or  any 
grouped  entries  in  the  Start  task  bar?  This  is  happening  fre¬ 
quently  on  one  of  our  PCs,  and  we  cannot  find  out  what  the 
problem  is. 
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Quick  takes  on  high-tech  toys.  Keith  Shaw 


Palm  Treo  700p  has  Palm  OS,  EV-DO  access 

When  Palm  launched  its  Treo  700w  smart-phone  a  few  months 
ago,  many  felt  that  the  company  was  abandoning  the  Palm  operat¬ 
ing  system  in  favor  of  Microsoft’s  Windows  Mobile  operating  sys¬ 
tem. Today,  the  company  helps  allay  these  fears  with  the  announcement  of 
the  Treo  700p,  which  uses  the  Palm  operating  system 
(Version  5.4.9)  and  can  operate  on  the  Code  Division 
Multiple  Access  (CDMA)  EV-DO  high-speed  wireless 
network.  Pricing  and  availability  of  the  700p  will  be 
announced  later  by  carriers,  Palm  says. 

The  700p’s  EV-DO  access  will  enable  faster  download 
speeds  of  emails  and  attachments,  and  will  enhance 
streaming  multimedia  content,  Palm  says.The  700p  will 
ship  with  a  Palm  built-in  streaming  application  to  let 
users  stream  live  TV,  movie  clips  and  audio  streams.The 
700p  will  include  built-in,  dial-up  networking  features, 
which  turns  the  smart-phone  into  a  wireless  modem 
via  USB  or  Bluetooth  wireless  (though  carriers  have  the 
final  say  on  whether  to  support  dial-up  networking). 

The  700p  will  support  Microsoft  Exchange  Server 
2003  ActiveSync,  which  includes  contact  synchroniza¬ 
tion  as  well  as  e-mail  and  calendar  sync.  Out  of  the 
box,  the  700p  will  support  e-mail  from  Yahoo,  AOL  and 
Google’s  Gmail  Internet  mail  services.  In  addition,  the 
device  will  include  Data  Viz  Documents  To  Go  Version 
8.0,  which  includes  full  PDF  support  for  attachments, 
and  Word,  Excel  and  PowerPoint  compatibility. 

Other  .  '.X)p  features  include  a  1 . 3-megapixel  camera  and  camcorder,  128MB  of 
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Palm's  latest  Treo  offers 
the  Palm  OS  and  EV-DO 

wireless  access. 


memory  (with  60MB  available  for  users), Secure  Digital  memory  card  support  (for 
cards  up  to  2GB),  and  the  Pocket  Tunes  audio  player  for  listening  to  music. 

HP  debuts  new  mobile  products 

At  its  Mobility  Summit  last  week,  HP  launched  more  than  a  dozen  products 
aimed  at  businesses  and  consumers  wanting  to  become  more  mobile  in  their 
computing.  HP  debuted  five  business  notebooks,  including 
the  ultraportable  HP  Compaq  nc2400  —  the 
thinnest  and  lightest  HP  notebook  with  an  optical 
drive  to  date.  The  notebook  weighs  less  than  3 
pounds  and  offers  a  12.1-inch  widescreen  display 
with  a  full-size  keyboard.  Wireless  support  includes 
options  for  802.1  la/b/g  as  well  as  Bluetooth  2.0. 

Options  for  processors  include  the  Intel  Core  Solo 
Processor  (1.06GHz  or  1.2GHz)  or  the  Intel  Celeron 
M  Processor  423  (1.06GHz).  Features  include  as 
much  as  2GB  of  memory,  as  much  as  60GB  of  hard 
drive  space  and  an  Intel  Graphics  Media  Acceler¬ 
ator  950  graphics  card  (with  128MB  of  memory). 

The  system  will  start  at  $1,600  and  is  expected  to  be 
available  this  month. 

Other  business  notebooks  launched  by  HP  include  the  tc4400  Tablet  PC  series 
(starts  at  $1,650, available  in  early  June), a  convertible  tablet  notebook;  the  nc6400 
series  (starts  at  $1,550,  available  this  month),  which  includes  mobile  broadband 
modules  to  switch  between  wireless  networks  (CDMA  EV-DO  or  UMTS/HSDPA,for 
example);  the  nx7400  series  (starts  at  $749,  available  this  month),  a  15.4-inch 
widescreen  budget  model;  and  the  8400  series  (starts  at  $1,600,  available  this 
month),  which  includes  Intel  Core  Duo  processors,  ATI  graphics  and  a  15.4-inch 
widescreen  display. 

Shaw  can  be  reached  at  kshaw@nww.com.  Don 't  forget  to  watch  him  each  week 
as  he  explores  the  world  of  what’s  cool  in  high-tech  in  the  Cool  Tools  Video  Show 
at  www.networkworld.com/video.  New  shows  online  every  Thursday! 


HP's  nc2400  is  the  com¬ 
pany’s  latest  ultraportable 
notebook. 


EMC2 

where  information  lives' 


Using  Exchange? 
Meet  EMC  Insignia. 
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Exchange  Storage 
Software 


All-in-One,  Cost-Effective 
Exchange  Solution 

EMC  Insignia  Solution  for  Exchange 

As  a  small  or  medium  business  (SMB),  you  depend  on 
your  e-mail.  With  EMC  Insignia  Solution  for  Exchange, 
your  Exchange  server  becomes  faster,  easier  to  manage, 
and  more  reliable.  Designed  to  fit  SMB  needs  and  budgets, 
EMC  Insignia  Solution  for  Exchange  gives  you  a  level  of 
confidence  that  only  EMC  can  deliver,  combining  three 
powerful,  yet  easy-to-use  products: 

•  EMC  CLARiiON®  AX150  disk  storage  array 

•  EMC  Storage  Administrator™  for  Exchange  SMB  Edition 
storage  management  software 

•  EMC  Retrospect®  backup  and  recovery  software 

All  the  storage,  up  to  twice  the  performance 

EMC  CLARiiON  AX150  stores  2.5  GB  on  SATA  II  drives  for 
up  to  double  the  performance  of  internal  server  storage,  and 
it  scales  up  to  six  terabytes  of  storage. 


Eliminate  data  loss  and  downtime 

EMC's  renowned  CLARiiON  RAID  architecture  guards  against 
hard  drive  failure.  Included  software  protects  Exchange  data  and 
enables  automatic  server  failover. 

Easy  administration  and  migration 

Automatically  utilizes  Microsoft  and  EMC  best  practices  to 
optimize  Exchange  storage  and  automate  migration  to  Exchange 
Server  2003. 

Recover  lost  data  quickly 

Recover  the  precise  data  you  need — individual  e-mails,  mail¬ 
boxes,  or  an  entire  Exchange  server — without  extensive  exper¬ 
tise  or  complex  manual  intervention. 

EMC  Insignia 

EMC  Insignia  is  a  line  of  hardware  and  software  products  that 
enable  small  and  medium  businesses  to  store,  manage,  protect, 
and  share  vital  business  information.  To  learn  more,  visit 

www.  emcinsignia.  com/ad506. 


EMC  Insignia  Solution  for  Exchange. The  right  solution  at  the  right  price. 


EMC1 


Contact  your  EMC  Insignia  Channel  Partner  for  Solution  pricing. 


EMC*.  EMC,  CLARiiON,  Retrospect,  and  where  information  lives  are  registered  trademarks,  and  EMC  Storage  Administrator 
is  a  trademark  of  EMC  Corporation  <9  Copyright  2006  EMC  Corporation  All  rights  reserved 
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The  three  levels  of 
SOA  maturity 

Asked  to  identify  where  service-oriented  architecture  falls 
on  Gartners  hype  cycle  —  which  identifies  stages  of 
technology  development  from  invention  to  broad 
acceptance  —  most  IT  executives  would  probably  say  we’re 
nearing  the  “peak  of  inflated  expectations.”  Rhetoric  is  run¬ 
ning  high  and  vendors  are  scrambling  to  recast  what  they  do 
as  critical  to  SOA. 

Thomas  Erickson,  general  manager  of  Systinet,  a  company 
that  sells  what  it  calls  an  SOA  governance  and  life-cycle  man¬ 
agement  platform,  has  a  more  granular  view.  He  has  identi¬ 
fied  three  stages  of  SOA  maturity 
In  the  first  stage  companies  service-enable  their  applica¬ 
tions  using  standard  APIs.  Although  the  costs  are  modest, so 
are  the  business  gains,  Erickson  says. 

If  you  want  to  tie  your  SAP  order-management  system  to 
your  warehouse  system,  having  service-enabled  those  sys¬ 
tems  using  a  common  language  will  simplify  the  process,  he 
says. That’s  the  upside.“But  someone  will  still  have  to  go  in 
and  manually  make  the  connections,”  Erickson  adds.“It  is  not 
really  service  oriented.The  systems  will  be  tightly  coupled, so 
a  change  in  one  system  might  break  the  other  This  is  where 
most  customers  are  today  Erickson  says,  although  some  com¬ 
panies  are  further  along  than  others. 

The  few  companies  that  have  entered  the  second  stage  are 
those  that  use  SOA  services  to  build  new  or  modernize  exist¬ 
ing  applications.  Reaching  this  stage  means  a  company  has 
visibility  into  who  is  using  which  services  and  a  sense  of 
application  interdependencies.  What’s  more,  in  this  stage  it 
becomes  feasible  to  reuse  services  because  more  thought  is 
put  into  policies  that  services  must  adhere  to, such  as  securi¬ 
ty  and  uptime  requirements,  Erickson  says. 

One  limitation  remains,  however:  There  is  no  automated 
way  to  ensure  changing  a  service  doesn’t  break  linked  com¬ 
ponents,  Erickson  says.  That  comes  in  the  third  stage,  with  the 
arrival  of  what  he  calls  dynamic  SOA.  In  this  environment  a 
new  version  of  a  service  would  notify  consumers  about  the 
upgrade,  who  could  then  determine  if  and  how  they  might 
benefit  from  the  update.  If  it  might  cause  more  harm  than 
good,  the  consumer  could  decide  to  keep  the  existing  ser- 
vice.“!t  all  becomes  more  dynamic,”  Erickson  says. 

This  dynamic  environment  is  still  a  few  years  off,  he  says, 
and  depends  on  the  development  of  more  standards  to 
ensure  policies  are  interoperable. 

While  Systinet's  170  customers  today  are  large  companies, 
Erickson  says  these  big  players  soon  will  start  using  SOA  in 
the  supply  chain,  which  will  necessitate  smaller  players  com¬ 
ing  up  to  speed. 

That  type  of  shift  will  start  to  move  SOA  along  the  Gartner 

curve. 


Desktop  search 

Regarding  “Desktop  search  tools  seen  raising  red 
flags”  (www.nwdocfinder.com/3424):  Many  of  the  IT 
managers  quoted  in  this  story  are  comical  at  best 
and  disturbing  at  worst.  While  they  were  off  deploy¬ 
ing  massive, costly, questionably  useful  (but  job-secu¬ 
rity-ensuring)  enterprise/knowledge/customer  rela- 
tionship/fill-in-the-corporate-sinkhole  management 
suites,  simple  but  highly  effective  indexing  and 
search  software  utilities  came  out  of  left  field,  and 
the  people  these  managers  are  supposed  to  be  serv¬ 
ing  voted  with  their  feet.  IT  managers  just  finished 
spraying  digital  Raid  on  “productivity-wasting”  IM 
clients;  now  they  have  to  whip  up  a  new  batch  for 
desktop  search  utilities.  What’s  their  first  defense  — 
the  old  saw  that  these  “untested”  apps  are  messing 
up  their  user’s  desktops?  (I’ve  beta-tested  them  all  on 
numerous  laptops  and  desktops  running  Windows 
2000/XP  with  nary  a  problem.)  The  concern  for 
indexing  network  drives  is  legitimate,  but  can  be 
solved  at  the  client  and  server  end. 

If  IT  managers  spent  more  time  keeping  apprised 
of  useful  technology  corporate  usage  trends  and 
educating  users,  and  less  time  in  techno-babble 
obfuscation,  their  job  and  the  jobs  of  the  people 
they  are  supposed  to  be  serving  would  be  more 
pleasant.The  deer-in-the-headlights  look  when  desk¬ 
top  search  hits  the  streets  is  not  going  to  cut  it.  Get 
educated  or  get  packing! 

William  Daunch 
Cary  N.C. 

Encouraging  rootkits 

Regarding  “Does  open  source  encourage  rootkits?” 
(www.nwdocfinder.com/3425):  The  problem  is  not 
rootkits;  the  problem  is  Windows,  which  allows  the 
kernel  to  be  modified  without  user  knowledge.  Until 


Windows  is  fixed  so  that  root  user  privileges  are  re¬ 
quired  for  kernel  modifications, nothing  will  change. 
Using  Windows  is  akin  to  playing  Russian  roulette  — 
sooner  or  later  you  will  lose,  and  Microsoft  really 
doesn’t  care.  Why  should  they  care  as  long  as  con¬ 
sumers  want  the  least  expensive  PC,  and  Microsoft 
has  a  monopoly  on  that  market? 

Larry  Sokol 
Boynton  Beach,  Fla. 

I  have  yet  to  see  a  rootkit  published  under  the 
General  Public  License  or  Berkeley  Software 
Distribution  license.  Passing  a  rootkit  around  with¬ 
out  a  written  license  makes  it  public  domain,  not 
open  source.  I  would  also  like  to  know  why  McAfee 
feels  that  open  source  is  to  blame  for  rootkits,  espe¬ 
cially  since  they  mainly  attack  proprietary  programs. 

Dennis  Soper 
Systems  administrator 
University  of  Oregon 
Eugene,  Ore. 

Market  for  Boot  Gamp 

Regarding  Kevin  Tolly’s  column  “Apple’s  Boot  Camp: 
A  step  backward”  (www.nwdocfinder.com/3426):  As 
IT  professionals  we  might  need  to  step  back  to  see 
that  there  will  be  a  market  for  this,  especially  if  Apple 
and  Microsoft  support  it  as  they  should.  There  are 
thousands  of  users  who  would  welcome  the  space¬ 
saving  convenience  of  having  one  piece  of  hard¬ 
ware  that  will  run  both  Windows  and  Mac.  Many  of 
these  people  may  not  be  willing  or  able  to  run  a  vir¬ 
tual  PC  solution  to  accomplish  this. 

Richard  Manning 
Lockport,  N.Y 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World.  1 1 8  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


Readers  respond  Find  out  what  readers  are  saying  about  these  and  other  topics. 

IWf  fWllftl  www.nwdocfinder.com/1030 


—  John  Dix 
Editor  in  chief 
jdix@nww.com 
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ENTERPRISE  ISSUES 


Robin  Layland 


'Net  neutrality:  A  debate  about  nothing? 


It  is  going  to  end  the  Internet  as  we  know  it. 
It  will  save  the  carriers  and  let  them  build 
the  Internet  we  need. ’Net  neutrality  is  a  big 
issue,  with  everyone  from  network  experts  to 
politicians  weighing  in. 

’Net  neutrality  basically  means  that  the  carri¬ 
ers  treat  all  traffic  equally  Carriers  are  question¬ 
ing  this  logic  and  want  to  be  able  to  charge  extra 
for  better  treatment.  Sites  that  pay  more  would 
get  a  higher  priority;  those  that  don’t  would  go  to 
the  end  of  the  line. 

The  problem  with  ’Net  neutrality  arguments  is 
that  they  miss  an  important  point:  Can  the  car¬ 
riers  provide  differentiated  service?  They  can 
set  priorities,  but  does  that  mean  people  will 
see  the  difference  —  that  it  will  really  matter?  I 
don’t  think  so. 

Carriers  would  implement  ’Net  non-neutrali¬ 
ty  through  QoS  and  bandwidth  management. 
Both  have  little  effect  except  at  high  utilization. 
When  utilization  is  at  62%,  there  is  an  average  of 
one  packet  in  the  queue;  even  at  75%  utilization 
the  average  climbs  only  to  a  few  more  than  two 
packets. 

Assume  a  packet  arrives  at  a  bad  time,  when 
the  queues  are  above  average  length.  At  60%  uti¬ 
lization,  there  will  be  only  about  two  messages 
in  the  queue  95%  of  the  time;  at  75%  utilization, 


the  queue  would  lengthen  to  approximately 
eight  packets. That  may  sound  bad,  but  it  really 
isn’t.  Assume  a  T-3  line  is  used  —  not  very  fast 
by  today’s  standards  —  and  all  messages  are 
1,500  bytes  —  near  Ethernet’s  maximum.  The 
wait  adds  only  a  few  milliseconds. 

How  often  are  lines  at  60%  to  75%  utilization? 
Not  very  often.  Most  carriers  have  engineered 

Paying  for  premium 
service  over  the  Internet 
backbone  would  be  paying 
for  nothing.  You  would  get 
the  same  level  of  service 
at  the  inexpensive  rate. 

their  networks  to  run  at  lower  utilization,  and  it 
is  high  only  for  short  times  during  peak  hours, 
if  at  all.  The  majority  of  the  time,  networks  are 
running  at  lower  rates,  with  no  or  very  small 
queues. 

The  result  is  that  paying  for  premium  service 
over  the  Internet  backbone  would  be  paying  for 
nothing.You  would  get  the  same  level  of  service 


at  the  inexpensive  rate.  But  is  there  a  way  for  the 
carriers  to  make  it  have  a  difference?  Yes:  They 
could  cause  problems  artificially  For  example, 
they  could  make  the  allowable  queue  length  for 
low-priority  traffic  very  small,  causing  lower- 
priority  messages  to  be  discarded  at  an  unnatu¬ 
rally  high  rate. 

Even  this  might  not  work.  Any  carrier  that 
does  this  would  affect  a  lot  of  traffic,  because 
most  users  would  not  pay  the  premium  price. 
The  word  would  get  out  these  carriers  run  a 
poor-quality  network.  Enterprises,  DSL  and 
cable  providers  would  hesitate  to  use  them. 

The  move  from  ’Net  neutrality  would  have  lit¬ 
tle  real  effect.  Carriers  could  sell  a  service  to 
real-time-media  people  to  put  them  at  the  front 
of  the  queue  for  temporary  problems,  but  I  am 
not  sure  their  customers  would  notice.  It  was 
tried  with  frame  relay  a  long  time  ago  and  did¬ 
n’t  work  then. 

Sit  back  and  enjoy  the  debate,  but  don’t  worry 
because  it  will  have  little  effect  no  matter 
which  way  things  turn  out. 

Layland  is  president  of  Layland  Consulting , 
specializing  in  new  technology  and  its  impact 
on  enterprise  networks.  He  can  be  reached  at 
robin  @layland.  com. 


ON  SECURITY 


Winn  Schwartau 


Big  bank  goes  phishing 


The  thing  about  security  is,  well,  security  hap¬ 
pens,  and  sometimes  it  doesn’t  happen,  and 
then  sometimes  it’s  over  the  edge  with  mind- 
numbing  incomprehensibility  I  tend  to  notice 
these  things. 

I  was  on  the  road  recently  I  forgot/lost/mis¬ 
placed  my  password  to  log  on  to  Internet  banking 
so  1  could  pay  my  staff.  I  called  1-800-Amsouth 
and  asked  for  my  password.They  asked  me  for:  1) 
my  name;  2)  account  name  and  number;  3)  ad¬ 
dress;  4)  federal  ID  number;  and  5)  date  of  birth. 
Then  they  gave  me  my  password. 

My  wife  overheard  the  conversation  and  raised 
hell  with  me  about  how  easy  it  was  to  gain  access 
to  our  intertwined  online  accounts  with  no 
decent  security  check.  AmSouth’s  proof-positive 
security  check  was,  in  fact,  public  information. 

Then  it  only  got  worse.  AmSouth  called  me  at 
home. The  woman  on  the  phone  said  she  needed 
to  discuss  a  problem  with  me,  but  first  I  needed  to 
answer  a  couple  of  questions.  Then  she  pro¬ 
ceeded  to  ask  me  for  personal  information  to 
“protect  me”  and  “confirm  my  identity’ 

What’s  wrong  with  this  picture?  Millions  of 
e-mail  phishing  attacks  reach  out  to  snag  gullible 
somebodies  —  for  financial  gain  or  identity  theft. 
One  type  of  phishy  email  induces  a  greedy  victim 
to  respond,  promising  vast  wealth.  Others  attempt 
to  lure  the  unsuspecting  into  “fixing”  their  PayPal 
or  bank  accounts.  Then  there  are  those  that  use 
fear:  “Your  account  is  in  serious  delinquency’  or 
“You  just  bought  four  plasma  TVs  and  we  want  to 
confirm  your  order’’ or“The  wire  transfer  you  initi¬ 


ated  for  $10,000  needs  secondary  confirmation.” 

Spear-phishing  fine-tunes  the  art  to  select  com¬ 
panies  specifically  targeted  for  their  assets.  It’s  all 
about  the  money 

Especially  in  the  financial  sector,  we  teach  com¬ 
panies  and  their  staff  about  social  engineering, 
identity  theft,  phishing  and  all  the  ways  the  bad 
guys  want  to  scam  you,  your  company  and  your 
customers.Then  we  teach  them  what  not  to  do  — 
how  not  to  respond  to  phishing  or  suspicious 
activity  at  work  or  at  home,  so  they  can  avoid 
becoming  victims. 

AmSouth  . . .  was  using 
the  same  techniques 
phishers  use. 

Here  was  AmSouth  acting  and  operating  just  like 
a  criminal  enterprise  trying  to  scam  personal  in¬ 
formation  from  me.  It  was  using  the  same  tech¬ 
niques  phishers  use  to  try  to  get  hapless  victims  to 
release  private  information  as  a  pretext  to  identity 
theft. 

Under  the  pretense  that  this  really  was  AmSouth 
calling  me,  albeit  using  phishing-like  methods,  I 
called  1-800-Amsouth  and  asked  whether  there 
was  an  issue  with  one  of  my  accounts.They  veri¬ 
fied  my  identity:  name,  Social  Security  number, 
date  of  birth,  mother’s  maiden  name.  AmSouth 
clearly  has  security  issues  in  establishing  proof¬ 
positive  identification  using  publicly  available  in¬ 
formation  —  including  those  things  I  warned  it 


about  almost  15  years  ago,  and  nine  years  ago  and 
. . .  you  get  the  idea. 

I  now  had  a  truly  helpful  fellow  from  AmSouth’s 
Alabama  headquarters  tell  me  that  everything  in 
my  accounts  was  fine.  But  I  am  the  suspicious 
type.  Something  still  felt  phishy,  so  1  called  my 
local  branch,  where  they  know  me  well  yet  actu¬ 
ally  require  photo  ID  when  I  make  transactions  in 
person.  I  asked  if  there  was  a  problem  with  any  of 
my  accounts. Thirty  seconds  later  I  was  told:“You 
didn’t  pay  ‘this  item’  on  time.  It’s  10  days  late.”  I 
drove  to  the  bank  and  made  the  payment. 

AmSouth  is  the  current  poster  child  for  how  to 
do  security  wrong,  encourage  phishing  by  illegal 
entities  and  offer  no  alternative  to  this  lame 
attempt  at  identity  verification.  (For  the  record, 
when  asked  to  comment,  AmSouth  spokesperson 
Jerri  Franz  said, “We  do  not  discuss  the  details  of 
our  information  security’) 

It’s  so  simple.“Hi,Winn.There  seems  to  be  a  prob¬ 
lem  with  your  account. Why  don’t  you  call  or  visit 
your  local  branch  and  see  what’s  going  on?”  Or, 
“Hi,  Winn,  you  might  want  to  log  on  to  your 
accounts.  There  might  be  a  problem  with  one  of 
them.”  Or,  “Please  call  1-800-Amsouth  . . . " —  but 
then  there  is  that  proof-positive  ID  problem. 

There  are  plenty  of  more  viable  security  alter¬ 
natives  to  phishing.  Or  am  1  wrong? 

Schwartau  is  a  security  writer,  lecturer  and  presi¬ 
dent  of  Interpact,  a  security  awareness  consulting 
firm.  He  can  be  reached  at  winn@thesecurity 
awarenesscompany.  com. 
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BY  DAVID  PISCITELLO 


oIP  has  finally  arrived  as 

a  mainstream  application.  IP  PBX  equipment  sales 
topped  $1  billion  in  2005,  for  the  first  time  outpacing  tradi¬ 
tional  TDM  PBXs,  according  to  Dell’  Oro  Group. 

In  fact,  analysts  predict  that  IP  PBXs  will  account  for  more 
than  90%  of  the  market  by  2009.  Before  you  deploy  VoIP 
however,  you  need  to  be  aware  of  the  security  risks  and  the  counter¬ 
measures  that  you  can  take. 

Security  is  important  in  every  context,  but  especially  when  you’re 
replacing  the  world’s  oldest,  largest,  and  most  resilient  and  avail¬ 
able  communications  network.  While  no  individual  security  mea¬ 
sure  will  eliminate  attacks  against  VoIP  deployments  entirely,  a 
layered  approach  can  meaningfully  reduce  the  probability  that 
attacks  will  succeed. 

The  threats 

Enterprise  VoIP  customers  and  service  providers  are  vulnerable  to  many 
of  the  same  impersonation-based  attacks “phreakers”  attempt  against  tradi¬ 
tional  telephone  and  cellular  services.  The  goals  —  identity  and  informa¬ 
tion  theft  and  toll  fraud  —  are  the  same. 

Many  attacks  focus  on  VoIP  endpoints.  The  operating  systems,  Internet 
protocols,  applications  and  management  interfaces  of  VoIP  hard  phones 
and  computers  running  softphones  are  vulnerable  to  unauthorized 
access,  viruses  and  worms,  and  many  denial-of-service  (DoS)  attacks  that 
exploit  common  Internet  protocols  and  VoIP  protocols  themselves. 

VoIP  uses  the  IETF  Session  Initiation  Protocol  (SIP)  and  the  Real-time 
Transport  Protocol  (RTP)  for  call  signaling  and  voice-message  delivery. 
These  and  complementing  session  description  and  RTP  control  protocols 
(SDRRTCP)  do  not  provide  adequate  call  party  authentication,  end-to-end 
integrity  protection  and  confidentiality  measures  on  call  signaling  and  call 
data  (such  as  media  streams  containing  compressed  and  encoded 
speech).  Until  these  security  features  are  implemented  and  put  into  ser¬ 
vice,  attackers  have  many  vectors  to  exploit. 


►  The  business  case 
for  VoIP 

Benchmarks  for  VoIP  expenses  and 
ROI.  Page  50. 
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►Breaking  the  costs 
down  by  vendor 

Cisco  is  highest  in  start-up  costs; 
Nortel  deployments  are  most 
expensive  to  manage.  Page  54. 
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Beware  of  phreakers,  fraudsters,  sniffers, 
RATS,  SPIT,  men  in  the  middle,  broadcast 
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Today,  SIP  and  RTP  protocols  do  not 
encrypt  call-signaling  packets  and  voice 
streams,  so  identities,  credentials  and  SIP 
Uniform  Resource  Identifiers  (phone 
numbers)  of  callers  can  be  captured 
using  LAN  and  wireless  LAN  (WLAN) 
traffic-collection  tools  (sniffers). 

An  attacker  can  use  captured  account 
information  to  impersonate  a  user  to  a 
customer  service  representative  or  self- 
service  portal,  where  he  can  change  the 
calling  plan  to  permit  calls  to  900  num¬ 
bers  or  to  blocked  international  num¬ 
bers.  He  also  can  access  voice  mail  or 
change  a  call  forwarding  number. 

Impersonation  attacks  commonly  are 
used  to  perpetrate  toll  fraud,  but  finan¬ 
cially  motivated  attackers  also  can  cap¬ 
ture  voice  conversations  and  later  replay 
them  to  obtain  sensitive  business  or  per¬ 
sonal  information. 

Flooding  VoIP  targets  with  SIP  call  sig¬ 
naling  messages  (e.g.,  Invite,  Register,  Bye 
or  RTP  media  stream  packets)  can 
degrade  service,  force  calls  to  be 
dropped  prematurely  and  render  certain 
VoIP  equipment  incapable  of  processing 
calls  entirelyVoIP  equipment  also  may  be 
vulnerable  to  DoS  attacks  against  such 
Internet  protocols  as  TCP  SYN,  ping  of 
death  and  the  recent  DNS  distributed 
DoS  amplification  attacks. 

VoIP  systems  also  can  be  disrupted  by 
media-specific  attacks, such  as  Ethernet 
broadcast  storms  and  Wi-Fi  radio  jam¬ 
ming.  Operating  systems  and  TCP/IP 
stacks  used  in  new  VoIP  hardware  may 
be  susceptible  to  implementation- 
specific  attacks  that  exploit  program¬ 
ming  flaws.  This  can  cause  the  system 
to  cease  operating  or  provide  the 
attacker  with  remote  administrative 
control  of  the  system. 

VoIP  softphones  pose  a  unique  and 
thorny  problem.  Softphone  applications 
run  on  user  systems  (PCs,  PDAs)  and  thus 
are  vulnerable  to  malicious  code  attacks 
against  data  and  voice  applications.  IT 
administrators  must  consider  the  possi¬ 
bility  that  an  attacker  may  try  to  evade 
conventional  PC  malware  protection  by 
injecting  malicious  code  via  a  VoIP  soft- 
phone  application. 

Spam  often  harbors  spyware  and  re¬ 
mote  administration  tools.  Spam  over 
Internet  Telephony  can  carry  unsolicited 
sales  calls  and  other  nuisance  messages, 
and  programs  downloaded  to  soft- 
phones  could  include  hidden  malware. 

Even  this  partial  description  should 
cause  IT  managers  to  assess  the  risk  of 
in1  reducing  VoIP  and  to  develop  a  pol¬ 
icy  and  an  implementation  plan  to 
reduce  the  risks  using  security  technol¬ 


ogy  at  hand. 

Risk  assessment 

Voice  is  a  perennial  cash  cow  for  tradi¬ 
tional  telephony  service  providers,  a 
lucrative  emerging  market  for  VoIP  ven¬ 
dors  and  a  mission-critical  service  for 
businesses.  Thus,  the  most  serious  risk 
public  (carrier)  and  private  (enter¬ 
prise)  VoIP  operators  must  manage  is 
service  disruption. 

VoIP  users  will  expect  no  less  than 
the  high  availability  they  are  accus¬ 
tomed  to  receive  from  the  public 
switched  telephone  network  (PSTN). 
Accordingly  a  thoughtful  VoIP  deploy¬ 
ment  plan  for  all  would-be  VoIP  opera¬ 
tors  must  include  measures  for  reduc¬ 
ing  the  threat  of  DoS  attacks. 

Other  priority  risks  include  identity 
theft  and  toll  fraud.  Public  operators 
face  a  greater  challenge  than  do  PSTN 
and  cellular  carriers  with  identity  and 
endpoint  verification  in  VoIP  deploy¬ 
ment  because  endpoint  IP  addresses 
are  generally  not  validated  at  Internet 
ingress  points,  and  unlike  public  tele¬ 
phone  numbers,  there  are  as  yet  no 
widely  adopted  methods  for  VoIP  oper¬ 
ators  to  certify  or  assert  cooperatively 
that  a  SIP  identity  is  valid. 

VoIP  operators  must  manage  trust 
relationships  with  other  VoIP  operators 
carefully  and  should  avoid  service 
arrangements  unless  they  have  some 
confidence  that  the  other  providers  are 
using  equivalent  identity  and  endpoint 
verification  methods.  This  might  be 
arranged  contractually  across  an  ex¬ 
tended  enterprise  or  business-to- 
businessVoIP  deployment. 

In  general,  insider  attacks  are  more  fre¬ 
quent  than  outsider  attacks,  so  enter¬ 
prise  VoIP  network  operators  must  con¬ 
sider  impersonation  a  threat  even  if 
they  operate  in  isolation.  Enterprise  VoIP 
managers  then  must  consider  methods 
to  detect  and  block  impersonation 
attacks,  and  should  maintain  account¬ 
ing  and  auditing  tools  to  help  detect 
abuse  and  identify  perpetrators. 

While  public  VoIP  infrastructures  may 
be  more  frequently  targeted  for  politi¬ 
cally  motivated  attacks  and  terrorism, 
private  VoIP  networks  increasingly  are 
at  risk  of  electronic  industrial  espi¬ 
onage  and  eavesdropping  attacks  (for 
example,  employees  intercepting  privi¬ 
leged  calls). 

Enterprise  customers  also  must  con¬ 
sider  help  desk  and  customer  care. 
Service  disruption,  subscriber  imper¬ 
sonation  and  toll  fraud  are  serious  sup¬ 
port  matters.  Resolving  disputes  and 


restoring  service  to  employees  who  are 
victims  of  such  attacks  sap  resources  and 
adversely  affect  productivity  The  effects 
that  security  incidents  may  have  on  con¬ 
sumer,  user,  management  and  even  share¬ 


holder  confidence  can  be  lasting. 

Countermeasures 

VoIP  is  a  new  and  different  type  of 

See  VoIP,  page  48 


VoIP  vulnerabilities 

1.  Gall  tampering 

The  attacker  can  tamper  with  calls  in  progress;  for  example, 
he  could  impair  the  quality  of  the  call  by  interjecting  noise  in 
the  Real-time  Transport  protocol  stream,  by  withholding 
delivery  of  RTP  packets  so  that  conversation  elements  are 
lost  or  by  delaying  delivery  so  participants  encounter  long 
periods  of  silence  during  the  call. 

Internet  cafe  hot  spot  access 
point  (open  authentication, 
no  encryption) 


INTERNET 


Alice's  Session 
Initiation  Protocol- 
enabled  phone 
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Ted 

connects  to 
wireless  LAN 
at  Internet  cafe, 
calls  Alice  from 
softphone. 


Attacker  intercepts 
voice  traffic  and  degrades 
call  by  injecting  noise 
and  delay. 


RTP  media  packets 
of  conversation 

RTP  media  packets 
containing  noise 

Attacker-iruected  delay 


2.  ‘Man-in-the-middle’  attacks 

VoIP  is  vulnerable  to  man-in-the-middle  attacks.  In  MITMs, 
the  attacker  intercepts  SIP  call-signaling  traffic  and  masquer¬ 
ades  as  the  calling  party  to  the  called  party,  or  as  the  called 
party  to  the  calling  party.  Once  the  attacker  has  gained  this 
MITM  position,  he  can  hijack  calls  via  a  redirection  server. 
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VoIP 

continued  from  page  46 

Internet  application,  but  ultimately  it  is 
another  real-time  data  stream  delivered 
using  IP  Many  of  the  security  measures 
widely  used  today  to  protect  other  plain 
text  applications,  from  telnet  and  FTP  to 
Web,  e-mail  and  instant  messaging,  can 
be  used  to  improve  VoIP  security. 

The  majority  of  VoIP  service  applica¬ 
tions  are  run  on  commercial  server 
operating  systems.  Hardening  servers 
and  employing  antitampering  and  host 
intrusion-detection  demonstrably 
improve  an  organization’s  baseline  VoIP 
security.  The  most  frequently  recom¬ 
mended  server  security  measures  that 
can  be  applied  to  voice  servers  include: 

•  Maintain  patch  currency  for  operat¬ 
ing  system  and  VoIP  applications. 

•Run  only  applications  required  to 
provide  and  maintain  VoIP  services. 

•Require  strong  authentication  for 
administrative  and  user  account 
access. 

•Enable  only  user  accounts  required 
for  maintenance  and  correct  operation 
to  deter  forced  break-ins. 

•Implement  stringent  authorization 
policies  to  prevent  unauthorized  access 
to  VoIP  service  and  account  data. 

•Audit  administrative  and  user  ses¬ 
sions  and  service-related  activities. 

•Install  and  maintain  server  firewall, 
antimalware,  and  antitampering  mea¬ 
sures  to  deter  DoS  attacks. 

•  Securely  configure  VoIP  applications 
to  prevent  misuse;  for  example, a  whitelist 
of  callable  country  codes  can  thwart  cer¬ 
tain  call  forward,  transfer  and  social-engi¬ 
neering  exploits  that  might  result  in  toll 
fraud  and  unauthorized  use. 

Once  VoIP  servers  and  the  applica¬ 
tions  they  run  are  securely  configured, 
build  an  in-depth  defense  by  adding 
layers  of  security  around  servers.  Isolate 
VoIP  servers  and  required  infrastructure 
(for  example,  DNS,  LDAP)  from  client 
machines  (phones,  PCs  and  laptops)  by 
using  separate  physical  or  virtual  LANs 
(VLAN)  to  carry  management,  voice 
and  data  traffic. 

Use  firewalls  to  limit  types  of  traffic  that 
may  cross  VLAN  boundaries  to  only  those 
protocols  necessary  This  compartmental- 
ization  is  especially  effective  in  reducing 
the  spread  of  malware  from  infected 
clients  to  VoIP  servers  in  monoculture 
(such  as  Windows)  networks.  This  often 
results  in  much  simpler  security  policies 
in  each  compartmentalizing  firewall  than 
the  policy  you  would  have  to  maintain  in 
a  single  firewall. 


Segmentation  is  a  powerful  security 
tool,  so  don’t  stop  here.  The  same  seg¬ 
mentation  methods  used  to  heighten 
security  can  be  used  to  implement 
QoS:  For  example,  putting  SIP  phones 
on  their  own  VLAN  helps  restrict  VoIP  to 
permitted  devices  and  gives  higher  pri¬ 
ority  to  VoIP  as  IP  packets  move  from 
network  edge  to  core. 

Consider  segregating  voice  user 
agents  (hard  phones)  from  PCs  and  lap¬ 
tops  used  to  access  networked  data 
applications.  This  may  prevent  a  suc¬ 
cessful  attack  against  a  data  segment 
from  spreading  to  and  interfering  with 
voice  systems.  Firewall  performance 
may  be  an  issue  when  applying  seg¬ 
mentation  and  policy-based  compart- 
mentalization.so  plan  carefully  to  avoid 
adding  latency  to  paths  that  will  trans¬ 
port  media  streams. 

Endpoint  security  adds  an  outer  layer 
of  security  in  VoIP  deployments.  IEEE 
802. IX  port-based  network  access  con¬ 
trol  and  equivalent  network  admission 
techniques  provide  an  additional  layer 
of  authorization  control  by  blocking  de¬ 
vices  from  using  a  LAN  or  WLAN  until 
they  pass  security  checks. 

Administrators  can  choose  to  block 
devices  infected  with  malware  or  that  do 
not  satisfy  other  admission  criteria,  such 
as  current  patches  and  appropriately 
configured  firewalls.  They  can  redirect 
noncompliant  devices  to  an  isolated 
LAN  segment  that  offers  limited  services 
or  to  a  LAN  where  softphone  users  can 
access  software,  patches  and  malware 
definition  updates  required  to  satisfy 
admission  criteria.  In  many  cases,  these 
security  measures  can  be  performed 
before  authentication,  to  prevent  mal¬ 
ware  (keystroke  loggers)  from  capturing 
user  credentials. 

Companies  using  firewalls  to  enforce 
security  policy  may  discover  that  their 
current  firewall  is  unsuited  to  the  task 
of  securing  voice  and  data. Traditional 
network  firewalls  are  designed  to  per¬ 
mit  and  deny  traffic  based  on  TCPUser 
Datagram  Protocol  (UDP)  and  IP  head¬ 
er  information:  IP  addresses,  protocol 
types  and  port  numbers,  for  example. 

VoIP  protocols  use  a  large  range  of 
UDP  ports  and  allocate  them  dynami¬ 
cally  to  media  streams.  Many  tradition¬ 
al  firewalls  cannot  accommodate  this 
behavior  without  leaving  large  swaths 
of  port  numbers  permanently  open  for 
VoIP  use  and  other  misuses.  Certain 
firewalls  do  not  process  UDP  efficient¬ 
ly.  Others  do  not  support  QoS  measures 
to  manage  latency  and  jitter  so  that 
VoIP  calls  have  toll-voice  quality. 


IT  administrators  should  consider  fire¬ 
walls  that  are  SIP-aware,  that  can  detect 
and  counterattack  against  SIP  signaling 
messages,  and  that  can  process  RTP 
media  streams  without  adding  signifi¬ 
cant  latency. 

Application  layer  gateways  (proxies) 
can  play  a  useful  role  in  VoIP  deploy¬ 
ment.  Incorporating  SSL  tunnels  into 
SIP  proxies  is  becoming  a  popular  way 
to  improve  authentication  and  add  con¬ 
fidentiality  and  integrity  protection  on 
signaling  messages  exchanged 
between  user  agents  and  SIP  proxies. 

Many  organizations  are  considering 
chaining  SSL  connections  to  protect  sig¬ 
naling  traffic  between  SIP  proxies  across 
their  organizations  and  inter- 
organizationally  as  well.  RTP  proxies  may 
be  appropriate  if  your  organization  must 
relay  media  streams  among  global  and 
local  RTP  IP  addresses  and  ports.  Other 
organizations  are  choosing  to  take  advan¬ 
tage  of  their  investment  in  IPSec  to  secure 
VoIP  traffic  between  sites. 

In  some  configurations,  organizations 
may  try  to  process  VoIP  traffic  preferen¬ 
tially  by  creating  IPSec  security  associa¬ 
tions  that  prioritize  voice  traffic  over 
data.  Some  organizations  may  want  to 


filter  signaling  traffic  and  RTP  media 
streams  through  a  Session  Border 
Controller  (SBC).SBCs  operate  as  back- 
to-back  user  agents,  concatenating  and 
applying  policy  to  calls  between  public 
and  private  user  agents.  In  some 
respects, an  SBC  behaves  like  a  secure  e- 
mail  proxy.  It  can  rewrite  message  head¬ 
ers  to  hide  details  of  private  networks 
(such  as  addresses), strip  unknown  and 
undesirable  header  SIP  fields,  and 
restrict  called-party  numbers.  Because 
media  traffic  flows  through  an  SBC,  RTP 
policies  can  be  enforced  at  them. 

These  security  measures,  along  with  a 
proactive  security  monitoring  and  intru¬ 
sion-detection  and  -prevention  plan,  not 
only  improve  VoIP  security,  but  can 
greatly  reduce  the  risks  to  data  networks 
as  organizations  introduces  VoIP  Many 
of  these  measures  will  continue  to  be 
useful  in  deployments  even  after  securi¬ 
ty  enhancements  are  incorporated  into 
VoIP  protocols  and  architecture. 

Piscitello  is  president  of  Core  Com¬ 
petence,  an  ICANN  SSAC  Fellow  and 
author,  with  Alan  Johnston,  of  Under¬ 
standing  Voice  over  IP  Security.  He  can 
be  reached  at  daue@corecom.com. 
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o  Attack  hosts  ignore  response  message  from  IP  PBX  and  continue 
sending  Invite  messages,  overwhelming  IP  PBX. 


“SUNGARD  REHEARSED  SCENARIOS 


WITH  US  A  COUPLE  OF  TIMES  A 
YEAR.  SO  WHEN  KATRINA  HIT, 

I  KNEW  OUR  DISASTER  RECOVERY 
PLAN  WOULD  WORK.” 


When  it  comes  to  being 
prepared  for  unplanned  IT 
interruptions,  you  need  to 
know  your  systems  are  either  always 
available  or  can  be  quickly  recovered. 
That’s  where  SunGard’s  Information 
Availability  solutions  can  help.  We 
deliver  the  secure  data,  systems, 
networks  and  support  you  require  to 
help  your  business  stay  in  business. 
Because  your  employees,  suppliers 
and  customers  rely  on  you  to  be 
available  every  minute  of  every  day, 
you  need  continuous  access  to 
information  no  matter  what  —  you 
need  Information  Availability. 

For  over  25  years,  businesses  have 
turned  to  SunGard  to  restore  their 
systems  when  something  went 
wrong.  So,  it’s  not  surprising  that 
they  now  turn  to  us  to  give  them 
options  to  make  sure  they  never  go 
down  in  the  first  place.  Plus, 
SunGard  offers  solutions  that  let 
you  remain  in  control  of  your  IT 
environment  and  enjoy  the  flexibility 
required  to  adjust  to  the  changing 
needs  of  your  business. 


SunGard  has  a  wide  range  of  solutions  ranging  from  recovery  to  redundancy  that  address  your  enterprise-wide  requirements. 
Here  are  just  a  few  of  those  solutions: 

System  Recovery,  Mobile  Recovery,  Network  Recovery  and  End-User  Recovery  Services  help  you  get  back  up  quickly 
when  disaster  strikes.  And  when  combined  with  our  Server  Replication  and  Vaulting  for  Distributed  Systems  services, 
you  can  reduce  downtime  and  your  costs  by  25%*. 


Server  Replication.  If  your  server  is  unavailable,  for  whatever  reason,  you  can  have  a  fast  and  easy  recovery  of  your 
Microsoft®  Windows®-based  applications  from  the  replicated  servers  located  at  a  SunGard  facility.  When  your 
applications,  such  as  databases,  e-mail,  and  file  servers,  need  to  be  recovered  in  less  than  24  hours,  Server 
Replication  gives  you  data  center  redundancy  without  the  high  cost  of  building  your  own  secondary  facility. 

Vaulting  for  Distributed  Systems  provides  customers  with  an  automated  and  secure  process  for  critical  data  backup. 
Vaulted  data  is  available  for  easy  recovery  of  production  files.  The  logistics  and  time  needed  for  restoring  data  to 
backup  systems,  whether  for  testing  or  recovery,  are  greatly  improved. 


Your  job  is  to  keep  systems  and  applications  running.  Our 
mission  is  to  keep  people  and  information  connected.  Let’s  work 
together.  To  learn  more,  contact  us  at  1-800-468-7483  or  go  to 
www.availability.sungard.com/masteria  and  get  your  free  copy  of 
the  book  “Mastering  Information  Availability.” 

*25%  figure  based  on  the  IDC  White  Paper.  "Ensuring  Information  Availability:  Aligning  Customer 
Needs  with  an  Optimal  Investment  Strategy.”  Actual  savings  may  vary  depending  on  services  selected. 


SUNGARD8 

Availability  Services 


Keeping  People 
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case  for Voip 

Nementes  study  shows  that  as  companies 
broaden  their  VoIP  rollouts,  setup  costs 
increase  —  but  so  do  savings. 


BY  ROBIN  GAREISS 


hen  IT  executives  make  the  strategic  decision  to 


implement  VoIP  and  other  converged 
applications,  cost  savings  is  one  of  the 
key  drivers. 

But  is  VoIP  really  a  money  saver? 
Based  on  a  Nemertes  Research  survey 
of  90  IT  executives,  the  answer  is  yes  —  over  time.  In 
other  words, steep  start-up  costs  will  be  offset  in  the  long 
run  by  significant  savings. 

One  of  the  key  findings  in  this  year’s  study  is  that  com¬ 
panies  are  spending  more  time  and  money  on  plan¬ 
ning,  installation  and  troubleshooting,  compared  with 
last  year. 

The  reason  is  that  VoIP  increasingly  is  being  deployed 
as  part  of  a  strategic,  enterprisewide  convergence  pro¬ 
ject,  rather  than  as  a  pilot  project  or  a  technology  de¬ 
ployed  in  a  limited  setting,  such  as  a  branch  office  or 
contact  center. 

Another  important  finding  of  the  study  is  that  VoIP 
equipment  generally  costs  about  the  same  as  TDM  gear, 
with  the  exception  of  handsets. 

ft  pays  to  plan 

Since  2004  the  amount  of  time  spent  planning  a  VoIP 
rollout  has  quadrupled. This  is  where  participants  spend 

Planning  time  increases 

More  time  spent  planning  can  help  keep 
troubleshooting  in  check. 
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CHANGE 
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16 
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j  300% 

Installation  j 

25 

48 
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Troubleshooting 

11 

]  21  " 

|  91% 

TOTAL 

52 

133 

156% 

most  of  their  overall  operational  start-up  time. They  have 
learned  from  peers  about  the  nightmares  that  result  from 
a  poorly  planned  deployment. 

Because  VoIP  is  typically  part  of  a  larger  convergence 
effort, organizations  are  spending  more  time  upfront  try¬ 
ing  to  identify  steps  in  the  project  —  and  preparing  the 
networks  for  them.  Several  early  adopter  IT  executives 
who  participated  in  the  study  said  if  they  had  spent 
more  time  planning,  they  would  have  had  a  smoother 
rollout  and  spent  less  time  troubleshooting. 

Is  your  network  ready? 

As  part  of  planning,  IT  staffs  should  perform  or  hire 
someone  to  perform  baseline  network  assessments, also 
known  as  network  readiness  tests.  Companies  typically 
spend  $3,000  per  location  for  small  implementations 
(usually  five  or  fewer  sites)  or  an  average  of  $63,500  for 
a  comprehensive,  multisite  evaluation.  Comprehensive 
evaluations  range  from  $12,000  to  $150,000. 

As  companies  install  VoIP  in  more  branch  offices  and 
give  handsets  to  more  users  (as  opposed  to  simply  IP- 
enabling  a  TDM  PBX),  the  amount  of  time  staffs  spend 
installing  the  gear  increases. 

Troubleshooting  time  also  is  increasing,  but  not  at  the 
same  rate  as  planning  and  installation. Troubleshooting 
includes  the  time  spent  repairing  problems  after  instal¬ 
lation  and  until  the  system  is  considered  full-produc¬ 
tion.  Companies  with  higher-than-normal  troubleshoot¬ 
ing  times  typically  devoted  lower-than-normal  time  to 
planning.  So  it  makes  sense  that  as  IT  staffs  spend  more 
time  upfront  planning  the  rollout,  troubleshooting  time 
should  grow  more  slowly. 

There  are  three  primary  reasons  behind  the  increases 


in  operational  start-up  time  —  and  thus,  cost.  First,  orga¬ 
nizations  are  taking  their  VoIP  projects  more  seriously 
because  they  are  the  first  step  of  an  overall  conver¬ 
gence  effort,  and  consequently  need  to  devote  more 
people  from  different  disciplines  (applications, security, 
voice,  data)  to  the  rollout.  In  2004,  companies  devoted 
an  average  of  12  people  to  convergence  projects,  com¬ 
pared  with  27  people  by  late  2005. 

Second,  the  salaries  of  IT  staff  working  on  conver¬ 
gence  projects  have  increased. The  average  salary  with 
benefits  was  $96,766  in  2004,  compared  with  $98,621  in 
2005. 

Third,  companies  are  devoting  more  money  to  con¬ 
sulting  costs  related  to  design  and  implementation. The 
median  consulting  cost  is  $23,125,  but  the  range  is  from 
$500  to  $2  million,  according  to  the  survey. The  goal  is  to 
take  advantage  of  the  experience  of  systems  integrators 
and  resellers,  maintain  flexibility  with  internal  staffs, and 
improve  the  rate  of  project  success. 

Management  tools  are  key 

Management  tools  often  are  an  unplanned  expense, 
but  they’re  key  to  the  success  of  a  VoIP  project.  Only 
about  15%  of  organizations  actually  budget  for  such 
tools  upfront,  but  more  than  half  seek  specialty  tools 
within  12  to  18  months  of  their  rollouts. 

The  amount  organizations  budgeting  for  or  buying 
third-party  management  tools  are  willing  to  spend  has 
increased  in  the  past  year. This  is  primarily  because  they 
recognize  they  need  solid  tools  —  and  a  new  class  of 
tools  —  to  manage  a  converged  network  effectively. 
Based  on  that,  the  recommended  management  budget 
has  increased  slightly  this  year.  (See  “Benchmarks  for 
VoIP  deployments.”) 

See  VoIP,  page  52 
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E-MAIL  NEWSLETTER  SHOWCASE: 

Wireless  in  the  enterprise 

Approaches  to 
going  ‘all  wireless' 

BY  JOANIE  WEXLER 

The  answer  to  eliminating  cabling  beyond  the  802.11 
mobile  access  network  and  into  the  backbone  has  been 
mesh  architectures.  Meru  Networks  has  devised  a  wireless 
alternative  it  says  emulates  hierarchical  cabled  networks. 

Using  a  Meru  Wireless  Backbone  System,  client  devices 
communicate  with  Meru  access  points  wirelessly,  as 
always.  From  there,  the  access  points  communicate  wire¬ 
lessly  to  the  company’s  Radio  Switch  in  the  “distribution” 
layer,  explains  Ihab  Abu-Hakima,  Meru  president  and  CEO. 

The  Radio  Switch  overlays  multiple  channels’  worth  of 
bandwidth  for  greater  capacity 

Multiple  Radio  Switches  talk  to  one  another  wirelessly  as 
well.  At  least  one  Radio  Switch,  however,  must  be  cabled 
back  to  the  high-speed  core  (data  center)  Ethernet  switch 
or  redundant  switch  pair. 

The  Meru  controller  —  which  has  visibility  into  the  wire¬ 
less  network  topology  tracks  authentications  so  no  handoff 
time  is  wasted  when  roaming,  load-balances  access  points 
and  handles  many  other  functions  —  can  be  cabled  to  the 
wired  backbone  switch  for  centralized  control. 

The  hierarchical  topology  contrasts  with  wireless  mesh 
networks.  In  a  mesh  network,  802.11  nodes  communicate 
with  one  another  wirelessly  in  the  backhaul  section  of  the 
network  in  a  flat  topology  Wiring  is  at  the  “perimeter”  only, 
between  the  Ethernet  switch,  printer,  video  camera  or 
other  edge  devices  and  the  nearest  802.1 1  node. 

Mesh  is  seeing  a  greater  uptake  in  outdoor  networks 
than  as  a  replacement  for  cabled  LANs  indoors.  One  rea¬ 
son,  according  to  Monte  Seifers,  director  of  technology  at 
Black  Box  Converged  Solutions  Group,  a  value-added  re¬ 
seller  is  that  meshes  have  trouble  coordinating  VPN  secu¬ 
rity  end  to  end. 

“I  would  be  uncomfortable  with  most  of  my  customers 
sending  sensitive  information  over  mesh,”  Seifers  says, “be¬ 
cause  mesh  doesn’t  lend  itself  to  encryption  algorithms.” In 
mesh  networks,  the  forwarding  path  is  always  changing, 
while  VPNs  are  designed  for  connection-oriented  sessions 
that  require  a  single  authentication. 

The  need  for  continual  dynamic  reauthentications  in 
mobile  networks  blows  that  model. The  new  Meru  system, 
however,  operates  hierarchically  and  has  Advanced  En¬ 
cryption  Standard  built  in. 

In  addition,  the  more  hops  in  mesh  networks,  the  less 
overall  bandwidth  is  available,  which  isn’t  the  case  with  the 
hierarchical  topology,  according  to  Seifers. 

Ken  Winke,  IT  director  at  Optimus,  a  Chicago  post-pro¬ 
duction  house  that  edits  TV  commercials  and  has  a  10- 
access  point  Meru  wireless  LAN, says  he  would  “love  to  get 
rid  of  the  cabling”  for  his  office’s  business  machines  and 
redeploy  it.  However,  editors  using  high-end  workstations 
for  editing  “need  Gigabit  Ethernet  dedicated  bandwidth. 
For  them,  I  don’t  see 
eliminating  my  wires.” 

Wexler  is  an  inde¬ 
pendent  networking 
technology 
writer/editor  in 
Silicon  Valley.  She  can 
be  reached  at 
joanie@jwexler.  com 
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Vendor  Solutions  for  Your  IT  Challenges 


COMPANY:  Network  Instruments,  LLC 

OVERVIEW:  Although  advanced  network  trouble¬ 
shooting  tools  are  readily  available,  many  IT  profession¬ 
als  continue  to  take  the  old  "trial  and  error" approach 
to  solve  problems.  AAA  East  Central  utilizes  Network 
Instruments'Observer®  Suite  along  with  60  probes 
across  the  entire  network  infrastructure  to  proactively 
monitor  the  network,  resulting  in  happier  users  and 
customers. 

CHALLENGE:  Attempting  to  resolve  an  issue  is  chal¬ 
lenging  and  time  consuming  if  you  can't  first  identify 
the  cause. 

SOLUTION: 

•  Abnormal  Activity:  Knowing  what  device  is  caus¬ 
ing  an  unusual  amount  of  activity  can  be  the  key 
factor  in  resolving  a  situation.  "We  consistently  use 
Observer's  Top  Talkers  to  see  if  there  is  any  unusual 
activity," said  Coleman  Jennings,  senior  network 
engineer.  "It's  a  big  problem  when  a  device  other 
than  servers,  routers,  or  anyone  in  the  IT  department 
ranks  high  on  Top  Talkers." 

•  Server  Overload:  In  one  case,  Jennings  identified 
an  end  user  transferring  a  large  number  of  files  to  a 
server.  He  investigated  further  and  discovered  that 
an  employee  was  backing  an  entire  hard  drive  to 
that  server.  "Through  Top  Talkers  I  was  able  to  track 
down  the  person"  Jennings  said.  "Had  I  not  stopped 
that  person,  all  the  activity  would  have  overloaded 
the  system." 

•  Application  Degradation:  On  another  day,  an 
application  responsible  for  providing  Emergency 
Road  Service  stalled.  Jennings  drilled  down  with 
Observer's  Connection  Dynamics  for  a  packet-by- 
packet  display  of  the  application's  communication 
with  each  client.  "The  time  analysis  clearly  showed 
there  was  a  problem  with  the  application,  which 

I  was  able  to  immediately  address  —  restoring  full 
service  to  our  customers,"  Jennings  said. 

Measurable  Results:  Observer  monitors  network 
communication  around  the  clock  to  ensure  that 
AAA  East  Central  constantly  receives  the  information 
resources  needed. "Observer  is  like  having  an  employee 
on  site  at  all  hours  to  manage  the  network,"  said  Portia 
Ulinski,  CIO.  "So  far  Observer  has  prevented  us  from 
experiencing  any  downtime." 


COMPANY:  Kentrox 

OVERVIEW:  Kentrox  is  a  leading  supplier  of  high¬ 
speed  network  access  equipment,  including  the 
award-winning  QoS  appliance,  Q-Series  QoS  access 
routers,  CSUs,  DSUs,  ATM  access  concentrators,  and 
wireless  access  products. 

CHALLENGE:  Quality  of  Service  (QoS)  is  becoming 
increasingly  important  for  many  organizations.  Applica¬ 
tions  such  as  Voice  over  IP  (VoIP),  video,  and  business 
systems  compete  with  other  less  critical  traffic  for 
limited  network  resources,  especially  at  the  Wide  Area 
Network  (WAN)  access  point.  Limited  resources  can  cre¬ 
ate  data  loss  or  delays  in  the  flow  of  information.  This  is 
particularly  true  with  VoIP  —  delayed  voice  or  dropped 
calls  are  just  a  few  examples.  The  need  for  consistent, 
guaranteed  performance  has  become  increasingly  vital. 
Network  managers  can  not  always  afford  to  just  keep 
buying  bandwidth  to  solve  the  performance  problems 
in  their  network. To  achieve  a  successful  networking 
solution  and  to  protect  the  performance  of  critical  busi¬ 
ness  applications  without  adding  bandwidth,  compa¬ 
nies  should  adopt  a  QoS  solution. 

SOLUTION:  Many  organizations  have  realized  the 
need  for  QoS  in  a  network.  Whether  a  router  with  QoS 
is  needed  or  if  there  is  already  a  router  in  place  without 
QoS,  Kentrox  has  the  solution. The  award-winning 
Q1 300  QoS  Appliance  can  be  added  to  a  network  with 
a  router  already  in  place.  The  QoS  appliance  monitors 
and  prioritizes  traffic  to  manage  bandwidth  without 
the  need  to  replace  existing  routers.  The  Q1300  com¬ 
bines  the  features  of  a  QoS  appliance  and  Ethernet 
switch  into  one  easy-to-use  network  access  device,  for 
the  very  affordable  list  price  of  $735. 

The  Kentrox  family  of  QoS  routers  provides  an  all-in- 
one  networking  solution  for  small  and  medium  busi¬ 
nesses  and  branch  offices.  Customers  get  the  function 
of  an  IP  router,  QoS  appliance,  VPN,  firewall,  WAN 
access,  and  an  Ethernet  switch  that  protect  and  priori¬ 
tize  Voice  over  IP  (VoIP)  and  other  critical  applications. 
Integrating  six  devices  into  a  single  device  significantly 
reduces  capital  outlay  and  management  and  mainte¬ 
nance  expenses  over  the  life  of  the  product.  List  price 
starts  as  low  as  $895. 

Want  to  find  out  more?  Visit  the  Kentrox  website  to 
read  a  whitepaper  titled  "Quality  of  Service  —  What  is 
it  and  why  do  you  need  it",  test  drive  the  QoS  routers 
or  appliance,  watch  a  10  minute  on-demand  demo 
of  the  Q1300  QoS  Appliance,  or  learn  more  about  the 
Kentrox  QoS  offerings. 
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continued  from  page  50 

Training  is  another  often-overlooked  area.  IT  execu¬ 
tives  cited  training  as  one  of  their  key  recommenda¬ 
tions  to  peers  based  on  lessons  learned  in  their  own 
projects.  Value-added  resellers  and  vendors  often  will 
include  training  as  part  of  the  deal.  But  several  IT  exec¬ 
utives  suggest  that  vendors  invest  more  in  consistent, 
nationwide  training  programs  —  even  if  they  must 
charge  for  them. 

“Part  of  the  problem  is  finding  training,” says  the  CTO  of 
a  healthcare  company“We  don’t  have  a  $2,000-per-engi- 
neer  budget,  but  we  do  provide  training  piecemeal.” 

In  fact,  the  amount  organizations  are  spending  on 
training  has  decreased  since  2004.  For  example,  small 
companies  were  spending  about  $2,500  per  person  on 
training  in  2004,  and  they’re  now  spending  closer  to 
$2,000. 

Nemertes  recommends  internal  IT  staffs  train  users  on 
the  new  handsets  and  features  whenever  possible.  The 
best  approach  is  to  schedule  20-  to  30-minute  sessions 
with  small  groups  of  users  and  teach  them  the  basics. 

Rather  than  trying  to  force  all  users  to  use  all  features 
and  applications  at  the  same  time,  companies  that 
have  installed  additional  features  (for  example,  unified 
messaging  or  real-time  communications  dashboards) 
should  solicit  tech-friendly  trial  users  who  will  build 
consensus  among  their  peers.  Before  long,  users  will 
be  asking  for  the  “cool  new  feature”  that  Bob  in  the 
next  cube  has  been  using. 

Cost  savings 

The  specific  areas  vary  in  which  companies  find  cost 
savings,  but  companies  almost  always  do  find  some. 
The  most  important  thing  to  remember  when  creating 
a  business-case  analysis  is  that  each  company’s  sav¬ 
ings  depends  greatly  on  architecture,  vendor  or  carrier 
selection,  application  rollout  plans  and  staffing  levels, 
among  other  factors. 

Generally, organizations  save  money  (or  increase  top¬ 
line  revenue)  the  most  in  a  few  areas:  staffing,  ongoing 
management  and  administration,  IP  audio-  and  video- 
conferencing,  telecom  circuits,  cabling  new  buildings, 
and  employee  productivity. 

•STAFFING: 

When  they  start  using  VoIP  organizations  typically 
save  on  their  staffing  requirements,  as  well  as  the 
money  they  spend  on  outsourcers  and  consultants. 
However,  a  small  percentage  (5%)  said  they  had  to 
increase  their  staffs  because  of  VoIP  In  those  cases, 
they  added  one  to  three  employees,  regardless  of 
overall  staff  size. 

The  average  personnel  savings  has  increased  from 
2004,  when  organizations  reassigned  or  eliminated  an 
average  0.74  positions,  at  $76,830  per  year.  This  year 
the  figure,  when  averaged  among  all  organizations,  is 
0.76  positions,  at  $81,240  per  year. 

Nearly  one-third  of  the  participants  said  they 
.■saved  on  staffing  costs.  When  the  numbers  were  run 
for  i '.uiy  those  organizations,  the  average  staff  savings 
jumped  to  1.46  employees, or  $192,584  in  salaries  and 
consulting  costs. 


Participants  said  they  typically  reassign  people 
rather  than  walk  them  to  the  door.  In  addition, some  of 
the  personnel  savings  comes  from  cost  avoidance. 

“If  1  had  to  go  with  TDM,  I’d  have  to  hire  more  peo¬ 
ple,”  says  the  global  telecom  director  of  an  entertain¬ 
ment  company  with  a  growing,  2,500-person  VoIP  roll- 
out.Tm  working  with  20%  to  40%  less  with  IP’ 

•  MANAGEMENT  AND  ADMINISTRATION: 

Exactly  what  are  these  staff  members  doing,  and 
how  much  time  are  they  spending  maintaining  the 
voice  network?  First,  they  generally  don’t  distinguish 
between  maintenance  and  troubleshooting.  It’s  all  just 
managing  the  voice  network. 

What  that  includes  is  making  sure  IP  PBXs,  handsets 
and  softphones  are  up-to-date  on  the  latest  revisions; 
troubleshooting  performance  problems  or  outages; 
moves, adds  and  changes  (MAC); and  monitoring  over¬ 
all  performance. 

Some  —  typically  small  and  midsize  —  organizations 
are  starting  to  outsource  the  day-to-day  management  of 
VoIP  systems.  “We’re  considering  eliminating  a  person 
and  outsourcing  the  actual  maintenance  of  the  system,” 
says  the  IT  director  of  a  large  law  firm.  “There’s  not 
enough  to  do  to  keep  someone  with  those  skills  on-site.” 

Savings  on  MACs  are  one  of  the  most  important 
ways  organizations  justify  their  VoIP  rollouts.  Overall, 
participants  spend  an  average  of  $124  on  MACs.  This 
number  includes  MACs  done  internally  and  externally 
The  cost  ranges  from  $29  to  $450:  At  the  low  end  are 
internal  MACs  done  by  an  efficient,  experienced 
and/or  low-paid  staff.  At  the  high  end  —  generally  in 
large  cities  —  are  external  MACs. 

The  number  of  MACs  increases  with  company  size, 
not  surprisingly,  and  ranges  from  197  to  136,020.  MAC 
penetration,  however,  isn’t  as  dependent  on  company 
size  (penetration  is  the  percentage  of  MACs  based  on 
the  total  employee  base). 

The  big  shift  this  year  is  that  on  average,  organiza¬ 
tions  make  1 .28  MACs  for  each  employee.  Realistically 
at  most  organizations  employees  don’t  change  offices 
more  than  once  a  year.  What  happens  is  more  like  a 
chain  reaction.  One  person  leaves  the  company  and 
three  to  five  MACs  result  —  one  for  the  person  leaving, 
one  for  the  person  who  wants  that  office,  one  for  the 
person  who  wants  the  next-vacated  office,  and  one  for 
the  replacement. 

See  VoIP,  page  54 


Benchmarks  for  VoIP  deployments 

There  are  four  spending  benchmarks:  start-up 
costs,  capital  expenses,  training  and  management 


MEDIAN  START-UP  COSTS 

Fewer  than  100  users 

$143  per  user 

More  than  100  users 

$53  per  user 

AVERAGE  CAPITAL  EXPENDITURES 


VoIP  implementations,  all  sizes 

_ 


IP  PBX 

$448,221 

IP  PBX,  messaging 
included 

$562,024 

IP  handsets 

$580,799 

Network  upgrades 

$1,398,527 

Voice  mail/UM 

$54,333 

Audioconferencing 

$182,463 

Management 

$100,000 

RECOMMENDED  TRAINING 

Deployment 

size 

Number  of 
locations 

Users  to  train 

Cost  per 
user 

Very  small 

Fewer  than  5 

0  to  1 

(0  =  outsourced) 

$2,000 

Small 

6  to  20 

1  to  2 

$2,000 

Midsize 

21  to  250 

3  to  5 

$1,800 

Large 

251  to  1,000 

10  to  15 

$1,500 

Enterprise 

1,001  or  more 

15  or  more 

$1,500 

RECOMMENDED  MANAGEMENT  BUDGET 

Deployment  size 

Number  of 
locations 

Budget 

Very  small 

Fewer  than  5 

Freeware,  IP  PBX  tools, 
carrier  tools 

Small 

6  to  20 

$25,000  to  $50,000 

Midsize 

21  to  250 

$75,000 

Large 

251  to  1,000 

$100,000 

Enterprise 

SOURCE:  NEMERTES  RESEARCH 

1,001  or  more 

$100,000+  (depends  on 
the  configuration; 
requires  consultation) 

►  Management  costs 

When  measuring  management  cost  per  user  by  vendor,  Nortel  deployments  are  the 
most  expensive  to  manage,  primarily  because  many  are  hybrid,  and  customers  still 
require  staffs  to  maintain  the  TDM  gear. 

Nortel  costs  $268  per  user  to  operate  in  smaller  rollouts,  and  $87  in  larger  rollouts. 
ShoreTe!  is  the  least  expensive  to  operate,  at  $13  per  user  for  smaller  rollouts  and  $10  per 
user  for  larger  rollouts. 

In  reviewing  total  overall  costs  for  maintaining  a  VoIP  system,  however,  Cisco,  at 
$256,750  per  year,  is  the  most  expensive  for  implementations  with  more  than  1,000 
units,  and,  at  1 124,266  per  year,  its  also  the  most  costly  for  rollouts  with  fewer  than 
1,000  units. 

'Those  four  vendors  garnered  enough  statistical  response  to  be  broken  out  individually 
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VoIP 

continued  from  page  52 

In  moving  to  VoIR  MACs  become  very  simple.  The 
time  involved  for  a  TDM  MAC  is  30  to  90  minutes,  but 
an  IP  MAC  takes  10  minutes  or  less. The  total  cost  sav¬ 
ings,  depending  on  the  number  of  MACs  at  a  given 
organization,  can  therefore  be  significant. 

•  IP  CONFERENCING. 

Another  area  of  savings  is  video-  and  audioconferenc¬ 
ing.  The  payback  period  is  six  to  12  months  when  orga¬ 
nizations  replace  an  ISDN-based  audio-  or  videoconfer¬ 
encing  system  with  an  IP  system.  Typically  companies 
pay  $200  to  $300  per  hour  for  ISDN-based  videoconfer¬ 
encing  services  (and  as  much  as  $2,000  for  global  calls), 
and  6  cents  to  12  cents  per  minute  for  audioconferenc¬ 
ing  services. 

Several  organizations  say  they’re  using  IP  video-  and 
audioconferencing  for  internal  communications,  which 
can  be  10%  to  75%  of  their  audioconferencing  calls  and 
30%  to  60%  of  their  videoconferencing  calls,  depending 
on  the  industry  They  use  service  providers  for  external 
calls;  typically  these  are  ISDN-based  services,  but  they’ll 
use  more  IP-based  services  as  the  carriers  migrate  to  IP 

By  shifting  from  ISDN  to  IP  videoconferencing,  orga¬ 
nizations  can  see  a  payback  in  12  to  38  months, based  on 
the  averages  from  the  Nemertes  study. 

Payback  periods  are  even  more  compelling  for 
audioconferencing:  1.4  to  5  months,  based  on  averages 
from  the  study  (see “Benchmarking  VoIP  savings”). 


•TELECOM  CIRCUITS 

By  integrating  access  lines  and  consolidating 
unused  capacity  on  WAN  links,  organizations  report 
they’re  saving  as  much  as  50%  on  their  network  ser¬ 
vice  costs. 

•CABLING 

For  new  offices,  cabling  costs  drop  by  40%  to  50%, 
because  there’s  no  need  to  run  three  to  four  drops  per 
desktop.  Instead, companies  can  run  one  or  two  drops 
per  desktop,  eliminating  the  cost  of  the  cable  and, 
more  significantly,  the  labor  to  do  the  job. 

•EMPLOYEE  PRODUCTIVITY 

Though  difficult  to  measure,  organizations  are  see¬ 
ing  improved  productivity  when  they  roll  out  VoIP  and 
associated  collaborative  applications.  These  savings 
are  mostly  anecdotal,  however. 

For  example,  hospitals  save  on  nurses’  salaries  by 
deploying  wireless  VoIP  phones.They  trim  15  to  30  min¬ 
utes  off  each  eight-hour  shift  of  a  nurse,  nurse  techni¬ 
cian  or  unit  clerk  in  a  hospital  setting.That  translates  to 
234  to  548  hours  per  year,  per  shift,  per  employee  that 
can  be  devoted  to  other  tasks.  With  an  average  loaded 
hourly  salary  of  $28,  hospitals  save  $6,552  to  $13,104 
per  nurse,  nurse  technician  or  unit  clerk  per  year. 

Gareiss  is  executive  vice  president  and  senior  found¬ 
ing  partner  and  CFO  for  Nemertes  Research.  She  can  be 
reached  at  robin@nemertes.com. 


Breaking  the  costs  down  by  vendor 


Benchmarking  VoIP  savings 

Staff  savings  and  less  expensive  audio- 
and  videoconferencing  can  add  up. 


ANNUAL  PERSONNEL  SAVINGS 

All  participants 

Participants  that  reduced  staff 

$  saved 

$81,240 

$192,584 

Number  of 
employees 

.76 

1.46 

AUDIOCONFERENCING  COSTS 

Average  minutes/month 

1,200,000 

Average  per-minute  rate 

$.079 

Total  monthly  cost 

$94,800 

Average  IP  audio  bridges 

$88,000 

Operational  start-up 

$48,000 

Payback  in  months  (all  calls) 

1.43 

Payback  in  months  (50%  of  calls) 

1.88 

Payback  in  months  (30%  of  calls) 

4.78 

1 

VIDEOCONFERENCING  COSTS 

Average  hours/month 

80 

Average  per-hour  rate 

$250 

Total  monthly  cost 

$20,000 

Average  IP  audio  bridges 

$162,189 

Operational  start-up 

$68,000 

Payback  in  months  (all  calls) 

11.51 

Payback  in  months  (50%  of  calls) 

16.33 

Payback  in  months  (30%  of  calls) 

38.36 

Nemertes’  benchmark 
of  Avaya,  Cisco,  Nortel 
and  ShoreTel  garnered 
enough  statistical 
responses  to  be 
counted  individually. 

When  we  asked  respondents  how 
much  time  they  spent  on  operational 
start-up,  measured  in  minutes  per  user, 
Cisco  came  out  on  top  at  250  minutes 
per  user,  followed  by  Nortel  at  186  min¬ 
utes,  Avaya  at  77  minutes  and  ShoreTel 
at  69  minutes. 

That  makes  sense  because  Cisco  roll¬ 
outs  are  typically  larger  and  more  com¬ 
plex  than  the  other  vendors’.  Cisco  IP 
telephony  systems  often  require  addi¬ 
tional  network  upgrades,  which  must  be 
taken  into  account  during  the  planning 
and  installation  phases.  ShoreTel  deploy¬ 
ments  are  typically  smaller  and  iess 
complex  than  the  others.’ 

For  example,  Cisco's  VoIP  rollouts 
include  the  highest  average  number  of 
VoIP  handsets:  3,344  per  organization. 
Avaya  has  the  second-highest  average 
number  of  handsets  (2,393),  Nortel 
averaged  722  handsets  and  ShoreTel 


averaged  522  handsets. 

When  it  comes  to  translating  time  into 
money,  Avaya's  average  cost  per  user  is 
third  lowest,  even  though  it  has  a  rela¬ 
tively  high  average  number  of  users. 
Part  of  that  can  be  explained  by  the 
fact  that  the  cost  of  an  IP  PBX  deploy¬ 
ment  is  spread  across  more  users,  so 
the  average  cost  per  user  is  lower.  Also, 
Avaya  rollouts  often  are  limited  to  the 
contact  center,  which  means  less  com¬ 
plexity  than  when  the  technology  is 
deployed  organizationwide. 

That's  different  from  Nortel,  which 
serves  more  midsize  businesses  than 
Cisco  or  Avaya.  With  fewer  users  to 
absorb  the  central  PBX  deployment 
costs,  the  per-user  costs  are  higher. 

Per-user  costs 

The  research  showed  that  organiza¬ 
tions  are  spending  a  median  of  $143 
per  user  for  projects  with  fewer  than 
1,000  users  and  a  median  of  $53  per 
user  for  rollouts  of  more  than  1,000 
users. 

For  implementations  of  fewer  than 
1,000  units,  ShoreTel  costs  the  least 


per  user,  at  $105.  Cisco,  Nortel  and 
Avaya  are  fairly  close  in  operational 
start-up  costs,  though  Nortel's  and 
Avaya’s  are  higher  than  Cisco's. 
Interestingly,  Nortel  and  Avaya  are 
within  $1  of  each  other,  indicating 
some  stability  and  consistency  in  the 
effort  involved  with  the  legacy  TDM 
vendors. 

For  installations  of  1,000  units  or 
more,  we  see  lower  costs  per  user 
overall.  Much  of  the  implementation 
cost  is  in  planning  the  overall  project 
and  installing  the  core  IP  PBXs.  The 
ability  to  spread  those  costs  among  a 
larger  user  base  reduces  the  cost  per 
user.  ShoreTel  again  comes  out  on 
top,  at  $31  per  user,  followed  closely 
by  Avaya  at  $50.  Cisco  is  the  most 
costly,  at  $165  per  user,  followed  by 
Nortel,  at  $132  per  user.  The  figures 
don't  depend  on  what  the  vendors 
charge,  but  on  how  easy  their  prod¬ 
ucts  are  to  install  —  and  how  much 
expertise  their  customers  possess. 

Capital  costs 

Equipment  costs  round  out  the  initial 


total  investment  for  a  VoIP  implemen¬ 
tation.  Organizations  spend  an  aver¬ 
age  of  $878  per  user  for  IP  telephony 
switches  and  handsets  in  rollouts  of 
fewer  than  1,000  users,  and  $628  per 
user  in  rollouts  of  more  than  1,000 
users.  One  notable  shift  year  over 
year  is  that  prices  have  become  more 
consistent  among  vendors.  In  other 
words,  the  per-user  pricing  within 
each  size  category  is  reasonably 
close  in  most,  but  not  all,  cases. 

ShoreTel  is  the  low-price  leader  for 
smaller  implementations.  Avaya  has 
the  lowest  prices  for  larger  implemen¬ 
tations  —  a  departure  from  the  past 
two  years,  when  Avaya’s  pricing  was 
among  the  highest. 

When  assessing  all  capital  costs  - 
network  upgrades,  voice  mail  or  uni¬ 
fied  messaging,  conferencing  and 
management  —  associated  with  a 
VoIP  deployment,  the  numbers  obvi¬ 
ously  increase. 

Nemertes  expects  these  figures  will 
increase  as  organizations  require  and 
budget  for  more  management  tools 
and  collaborative  applications. 
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Whether  your  network  is  built  on  today's  already-outdated  technology  or  delivering 
tomorrow's  converged  services  right  this  minute,  it's  all  about  to  change. ..again.  So 
say  good-bye  to  SUPERCOMM®  and  hello  to  GLOBALCOMM,™  TIA's  new  premier 
event  for  information  and  communications  technology.  With  450+  exhibitors  and 
20,000  of  the  industry's  best  and  brightest  in  attendance,  you'll  find  thousands  of 
solutions  to  prepare  your  network — and  your  business — for  change. 

Be  ready  for  tomorrow.  Register  for  GLOBALCOMM™  today. 


Don’t  miss  DataComm! 

CMP  Media's  DataComm  Enterprise  Conference  takes 
place  June  6  &  7  at  GLOBALCOMM  and  covers  storage, 
security  and  wireless  infrastructure,  software  and  services 
in  parallel  tracks,  providing  participants  with  breadth  and 
depth — all  from  a  single  event. 

Go  to  www.data.com/cwl  today  to  apply  for 
your  complimentary  registration  to  the  DataComm 
Enterprise  Conference  at  GLOBALCOMM. 


www.globaicomm2006.com 

Enter  code  E507  for  FREE  registration,  a  $150  value! 


Complimentary  Registration  is  available  to  qualified  business 
technology  executives  who  are  involved  in  the  evaluation,  purchase 
or  management  of  Storage,  Security,  and  Wireless  Infrastructure 
products  used  to  manage  corporate  data. 
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SUPERCOMM  is  a  registered  trademark  of  TIA  and  USTA.  GLOBALCOMM  is  a  trademark  of  TIA.  The  last  SUPERCOMM  took  place  June  2005. 
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Award-Winning  Web  Hosting 

When  you're  the  best  at  what  you  do,  people  notice.  That's 
why  1&1  was  named  Best  Web  Hosting  Company  of  2005  by 
Hostreview.com,  a  leading  independent  web  hosting  research 
firm.  And  it's  not  just  the  industry  experts  who  are  sold  on  1  &1 . 
With  5  million  customers  and  counting,  many  of  our  best 
recommendations  still  come  by  word-of-mouth. 


Follow  the  Leader 

As  the  world's  #1  web  host,  1&1  continues  to  raise  the  standard 
for  reliable  hosting  even  as  we  maintain  our  low  prices.  1&1  has 
taken  the  guesswork  out  of  web  hosting  by  offering  all-inclusive 
plans  starting  at  $2. 99/month,  with  no  hidden  costs  or  fine 
print.  The  industry  has  responded  as  the  competition  rushes  to 
match  l&l's  features,  but  there  can  only  be  one  leader. 


</  Hosting  services  provided  since  1995 
S  Innovative  web  applications 
\S 150  in-house  programmers 

y  One-stop  shop  for  all  your 
website  needs 

V?  All-inclusive  prices  with  no 
hidden  charges 

/\  90-day  money  back  guarantee 


World's  Largest  Web  Host 

With  2.9  million  active  sites  worldwide,  1&1  is  a 
global  leader  in  volume  and  web  hosting  power. 


Source:  Netcraft  Ltd  -  www.netcraft.com  April  1,  2006 
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Mailbox  Size 


Website  Builder 


Freeware 


Dynamic  Web  Content 


Web  Statistics 


Chat  Channels 


Database 


MySQL  Support 


25  MySQL  (Linux) 


Extra  Charge  Applies 


Search  Engine  Tools 
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PHP  Support  (Linux) 


Peri  Support  (Linux) 


Software  Suite  ($600  Value) 


90-Day  Money  Back  Guarantee 


24/7  Phone,  E-mail 


24/7  Toll-free  Phone,  E-mail 


Support 
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E-MAIL  NEWSLETTER  SHOWCASE:  Identity  management 

An  intelligent  electronic  rental  car  assistant 


BY  DAVE  KEARNS 

One  of  the  high  points  of  the 
recent  Internet  Identity  Workshop 
in  Silicon  Valley  was  Doc  Searls’ 
session  on  “Intention  and 


identity”. 

Searls,  senior  editor  at  Linux 
Journal ,  spends  lots  of  time  in 
rental  cars  and  much  of  his  public 
speaking  (and  private  speaking, 


for  that  matter)  revolves  around 
renting  and  driving  automobiles 
(for  example,  Searls’  First  Law  of 
Car  Rental:  It  doesn’t  matter  what 
kind  of  car  you  want  to  rent.  You ’re 


going  to  get  a  Chevy  Cavalier). 

What  he  based  the  roundtable 
discussion  on  was  his  desire  to 
specify  the  time  and  place  he’d 
like  to  rent  a  car  and  a  fairly 


How  many  tools  do  you  use  to 
Certify,  Identify,  Configure  &  Document 
your  Ethernet  network? 

(That’s  too  many!) 


Introducing  Validator-NT 

The  All-in-One  Network  Management  Tool 

CERTIFY  individual  Ethernet  cable  runs  up  to 
1  Gigabit  Speed  per  IEEE802.3  specifications. 

Test  for  TIA568  Interconnect  problems.  Determine 
fault  locations,  cable  length  and  delay  or  noise 
conditions.  Produce  and  print  cable  test  schedules 
and  cable  test  results.  Qualify  lines  for  VoIP  usage. 

IDENTIFY  active  components  of  your  network  on 
the  other  end  of  the  cable.  Identify  all  types  of  equipment 
and  port  service  discovery  with  advertised  speed  ratings 
and  DHCP  negotiation.  Access  IP  addresses,  ping  equipment 
and  flash  hubs/switches  for  positive  port  location. 

CONFIGURE  links  between  nodes  at  Gigabit  speed. 

Check  IP  addresses  on  netmask,  Gateway/routers  and  domain 
name  servers.  Confirm  links  between  equipment  for  changes 
or  upgrades. 

DOCUMENT  the  network  with  the  included  powerful 
Plan-Urn  software.  Create  layouts  of  offices/premises  or  import 
existing  Visio/AutoCAD  drawings.  Show 
cables  and  equipment  they  connect  to  in 
physical  locations.  Print  out  layouts  and 
corresponding  Cable  Test  Schedules.  The  Network 
Tool  section  of  Plan-Urn™  allows  you  to  create  a  complete 
topology  layout  of  the  network  for  on-site  reference,  showing 
connections,  equipment  and  cable  pathways.  You  can  add  notes  to  each 
component  of  the  network  for  future  add,  changes,  and  move  legacy  information. 


4"  color  LCD  screen 

Lithium/ion  battery 
provides  8  continuous 
hours  of  use 


software  included 


Everything  you  need  to  Test,  Trace  and  Tune  your  Ethernet  Network. 


Test-Um  Inc 

The  Intelligent  Test  Solutions  Company 


in  the 

U@A 


805-383-1500  •  FAX  805-383-1595  •  www.test-um.com 


detailed  description  of  the  car 
and  then  have  multiple  rental 
agencies  respond  with  quotes. 
Not  like  the  experience  on  Orbitz 
or  Travelocity,  where  you  get  a  list 
of  car  types  (for  example,  “Toyota 
Corolla  or  similar”  which,  as  Searls 
says  will  get  you  a  Chevy  Cava¬ 
lier). No, Searls  wants  to  be  able  to 
specify  a  2005  Ford  Explorer  with 
four-wheel  drive,  satellite  radio 
and  a  ski  rack  and  have  the  assur¬ 
ance  that  this  is  what  he’ll  receive. 
Of  course,  he  could  call  each 
rental  company  to  see  what  they 
offer,  but  that  takes  a  lot  of  time. 
Add  in  that  he  would  weigh 
many  factors  when  deciding  — 
price,  refueling  charges,  frequent 
flyer  points,  extra  credit  for  com¬ 
panies  with  good  maps.  It  could 
take  days  to  track  down  all  of  that 
information. 

But  suppose  Searls  had  a  PDA. 
One  that  understood  all  of  his  pref¬ 
erences,  knew  his  rental  history 
had  the  ability  to  contact  all  of  the 
available  rental  companies  at 
every  location  worldwide  and 
was  able  to  work  24  hours  a  day 
seven  days  a  week.  Such  an  agent, 
or  avatar,  is  solely  controlled  by 
the  user  and  has  full  access  to  all 
of  the  user’s  attributes  (and  their 
values). The  avatar  would  be  self¬ 
training  —  learning  from  each 
foray  into  the  online  world  on 
behalf  of  the  user.  Over  time,  the 
user  could  enable  the  avatar  to 
make  purchases  and  agree¬ 
ments  as  the  user’s  representa¬ 
tive.  Now  that’s  an  open  source, 
identity-based  application/ser¬ 
vice  I’d  like  to  see.  Work  on  it,  then 
come  to  the  next  Internet  Identity 
Workshop  and  share  it  with  us. 

Kearns  is  a  writer  and  consultant 
in  Silicon  Valley.  His  company. 
Virtual  Quill,  provides  content  ser¬ 
vices  to  network  vendors:  books, 
manuals,  white  papers,  lectures 
and  seminars,  marketing,  technical 
marketing  and  support  docu¬ 
ments.  He  can  be  reached  at 
info@vquill.com. 
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In  your  in-box 

Sign  up  for  this  or  any  of  Network 
World's  many  other  e-mail  newsletters. 
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MMCEMENT  STRATEGIES 

■  CAREER  DEVELOPMENT  ■  PROJECT  MANAGEMENT  M  BUSINESS  JUSTIFICATION 

Data  center  moving  day 

Proper  planning  ensured  the  successful  relocation  of  retailer  Boscov’s  IT  operations. 


BY  JENNIFER  MEARS 

With  a  24/7  e-commerce  storefront  and  more 
than  three  dozen  stores  spread  across  the 
mid-Atlantic  region,  Boscov’s  doesn’t  have 
time  to  close  its  doors  for  a  data  center  move.  So,  when 
technical  support  manager  Joe  Poole  heard  rum¬ 
blings  about  an  impending  migration,  he  knew  the 
project  would  be  daunting. 


For  one  thing,  the  atmosphere  around  the 
move  was  different  from  what  Poole  had 
experienced  when  Boscov’s  shifted  data 
centers  in  1989.  “I  don’t  think  they  could 
have  spelled  ‘Web’  back  then,”  Poole  says  of 
the  North  Reading,  Pa.-based  retailer.  “I 
think  we  just  shut  things  down  and  did  the 
move  on  a  Sunday’ 

It  wouldn’t  be  so  easy  this  time.  With  Bos¬ 
cov’s  operating  as  an  always-on  business,  the 
challenge  was  to  transfer  the  company’s  IT 
operations  without  causing  a  major  outage 
or  lengthy  downtime.There  were  terabytes  of 
data  residing  on  disks  and  a  tape  library  that 
had  to  be  moved  —  a  project  Fbole  estimat¬ 
ed  would  take  at  least  24  hours. 

“Without  the  tape  library  there  was  no 
batch  production,  and  there  was  never 
going  to  be  a  day  —  especially  as  we  were 
looking  at  September,  when  we  start  to  get 
busy  for  the  Christmas  season  —  that  we 
could  be  down  for  24  hours,”  he  says. 

Boscov’s  was  moving  its  IT  operations 
to  become  the  inaugural  tenant  of  a  new 
IT  service  provider,  Directlink  Technolo¬ 
gies.  Directlink  is  one  of  several  projects 
launched  by  Boscov’s  owner,  Albert  Bos- 
cov,  supported  by  Pennsylvania  Gov. 
Edward  Rendell  and  aimed  at  revitaliz¬ 
ing  an  area  of  Pennsylvania  hit  hard  by 
job  losses. 

Housed  in  the  former  General  Public 
Utilities  building  in  Reading,  Directlink 
has  more  than  80,000  square  feet  of  data 
center  space,  as  well  as  access  to  a  broad¬ 
band  fiber-optic  network  that  reaches  into 
the  Northeast  and  Middle  Atlantic  and 
Midwestern  states. 

“In  order  to  make  [Directlink]  viable  to 


potential  customers,  Mr.  Boscov  . . .  decided 
there  should  be  a  presence  in  there,”  Poole 
says. “That’s  where  we  came  in.” 

The  new  location  —  with  raised  floors, 
multiple  power  supplies  and  backup  gen¬ 
erators  —  represents  a  step  up  from  what 
Boscov’s  was  operating  in  before.  “We  had 
been  in  a  facility  that  was  built  in  the  1920s 
for  Rosedale  knitting  mills,”  he  says. 

Although  the  physical  distance  between 
Boscov’s  and  the  data  center  was  minor  — 
just  10  miles  —  the  logistics  were  over¬ 
whelming.  With  careful  planning,  however, 
Boscov’s  completed  the  move  more  quickly 
than  expected  and  ended  up  with  an 
upgraded  infrastructure  that  will  support 
the  rapid  growth  of  the  company  Fbole  says. 

Poole  adds  that  the  retailer  now  is  posi¬ 
tioned  for  long-term  savings,  though  he 
wouldn’t  disclose  specifics.  “As  it  turned 
out,  we’re  going  to  open  10  stores  this 
year,  so  the  extra  capacity  was  well  worth 
it,”  he  says. 

When  rumors  of  the  move  started  circu¬ 
lating  in  March  and  April  of  2005,  the  first 
thing  Poole  did  was  to  call  business  part¬ 
ners  Distributed  Systems  Services,  IBM 
and  Sirius  Enterprise  Systems  Group.  Bos¬ 
cov’s  realized  it  was  ready  to  upgrade 
equipment,  and  its  leases  on  existing 
equipment  were  set  to  expire  in  March. 

“We  were  lucky  in  the  sense  that  our 
equipment  leases  all  ran  out  at  the  same 
time  .  .  .  and  there  were  not  that  many 
months  remaining  on  the  leases  that  would 
have  to  be  rolled  over]’  Fbole  says. 

Boscov’s  would  bring  into  the  new  data 
center  a  new  mainframe,  a  new  direct- 
attached  storage  device  (DASD)  and  a  new 


tape  library  with  upgraded  drives,  and  keep 
its  existing  equipment  running  in  the  old 
location. 

It  was  this  kind  of  infrastructure  musical 
chairs  that  let  Boscov’s  move  without  suf¬ 
fering  an  outage.  To  support  that,  Boscov’s 
network  team  had  to  recreate  its  existing 
network  in  the  new  facility  and  then  link 
the  two. 

“We  had  to  build  a  whole  new  infra¬ 
structure  of  Cisco  routers.This  had  to  be  a 
seamless  operation,  meaning  that  our  net¬ 
work  that  was  in  [the  old  data  center]  had 
to  reappear  in  the  new  facility  like  noth¬ 
ing  ever  happened,”  Poole  says.  “You 
couldn’t  go  in  and  redefine  everything. 
You  had  to  move  it.  So  our  very  talented 
networking  crew  was  able  to  bridge  two 
networks  together  10  miles  apart  so  peo¬ 
ple  on  either  side  of  the  fence  would  be 
able  to  access  the  system.” 

Boscov’s  settled  on  Sept.  24  as  moving  day 
At  7  a.m.  Fbole  and  his  team  began  moving 

Making  moves 

Moving  a  data  center  is  no  easy 

task.  When  changing  locations,  keep 

an  eye  on  the  details: 

•  Prepare  the  environment:  Figure  out  what  kind 
of  air  conditioning  and  power  you'll  need  in  the 
new  place  and  make  sure  it’s  available. 

•  Prioritize:  Move  the  most  important  equipment 
first  and  operate  secondary  servers  in  the  old 
location  remotely,  if  possible,  to  break  the  move 
into  easier  chunks. 

•  Watch  the  little  things:  Make  sure  cords  have 
the  right  connector  ends  and  that  there  are 
enough  power  outlets  for  what  you're  planning. 

•  Support  staff:  Make  sure  you're  clear  on  move 
plans  to  keep  staff  motivated. 

•  Power  up  slowly:  As  you  bring  things  up  in  the  new 
data  center,  power  systems  up  slowly  -  and 
separately  -  to  ensure  operating  systems, 
applications  and  equipment  are  functioning  correctly. 

z/VM  data  from  mainframe  storage  to  the 
new  IBM  DS8100  DASD  Shark  at  Directlink. 
The  Web  site  was  offline  for  this  move  but 
was  back  up  and  running  by  1 1  a.m. 

A  similar  process  was  used  to  move 
z/OS  data  to  the  Shark,  though  the  Web 


site  continued  running  through  this 
move,  which  was  completed  around  4 
p.m.The  old  z900  continued  running  the 
show,  though  it  was  accessing  data  at 
Directlink  remotely  via  fiber. 

Once  the  stores  closed  at  9:30  p.m.,  the 
z990  was  brought  online,  and  the  z900  was 
retired.The  tricky  part  was  to  make  sure  the 
machines  didn’t  confuse  things  because 
they  looked  the  same  to  the  network. 
Boscov’s  network  specialists  handled  this 
with  VPNs  and  routers. 

“That’s  one  of  the  things  you  really  have  to 
think  about  when  doing  something  like  this: 
not  messing  up  your  network,”  Fbole  says. 
“Make  sure  that  is  thought  through, because 
you’re  going  to  have  pieces  of  equipment 
with  the  same  names  that  may  be  running 
at  the  same  time.  Think  about  how  you’re 
going  to  filter  out  traffic  that  shouldn’t  be 
going  into  your  production  world.” 

IBM  had  already  assembled  the  tape 
library  at  Directlink, so  once  the  data  was 
moved  and  the  new  mainframe  turned 
on,  the  hard  part  was  done,  Poole  says. 
The  equipment  in  the  old  data  center 
was  disconnected  and  packed  up  for 
shipment  back  to  IBM. 

As  for  staff,  servers  and  other  peripherals 
such  as  printers,  the  transition  was  more 
gradual.  Over  the  next  few  weeks,  the  staff 
packed  up  the  contents  of  their  existing 
cubicles  and  transferred  them  to  cubicles 
in  the  Directlink  facility  Boscov’s  80  servers 
were  moved  a  few  weeks  later. 

“Office  functions  don’t  normally  get  used 
over  a  weekend,  so  we  waited  several 
weeks  and  picked  a  Saturday  morning  after 
everybody  had  recovered,”  Fbole  says. 

In  all,  a  project  that  normally  would  have 
taken  three  to  six  months  was  done  in  less 
than  two  months  without  a  major  outage. 
Fbole  says.  A  big  reason  is  that  Boscovs 
took  the  time  to  plan  the  move  carefully 
and  reassure  staff  along  the  way 

“When  it  gets  down  to  crunch  time, 
people  tend  to  get  a  little  nervous,  a  little 
upset,  and  there  is  a  great  feeling  they’re 
not  going  to  be  able  to  pull  it  off,”  Poole 
says.  “It’s  a  matter  of  reassuring  every¬ 
body  that  this  is  going  to  work. 
Management  has  to  have  the  positive  atti¬ 
tude.  When  you  know'  what  you’re  going 
to  do  and  you  know  the  pieces  are  in 
place.it  will  be  successful.”  E 
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Console  Ports  +  Power  Control  +  Dial-Up  Modem  =  1U 


Web  Browser  Interface 
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The  CMS-6R4  Console  Management  Switch  is  the  ultimate  tool  for  economical 
Remote  Network  Management.  Six  serial  ports  to  access  you  equipment’s  console 
ports,  Four  power  outlets  to  perform  remote  reboot  or  On/Off  control  plus  an  internal  modem 
with  dial-back  features  for  secure  out-of-band  access  -  all  in  a  space  saving  1 U  package!  System 
administrators  can  access  remote  devices  from  anywhere  via  telnet,  dial-up,  local  terminal  or  KVM  switch. 


Visit  Website  for  Complete  NetReach™  Product  Line 
(800)  854-7226  •  www.wti.com 
5  Sterling  •  Irvine  •  California  92618-2517 
(949)  586-9950  •  Fax:(949)  583-9514 


Web  Browser  Access  for  Easy  Setup  and  Operation 
Telnet,  Internal  Modem  and  Serial  Access 
Four  Individually  Switched  Power  Outlets 
Six  DB-9  Serial  Console  Ports 
Port  Specific  Password  Protection 
Dial-Back  Security  on  Modem  Port 
Requires  Only  One  Rack  Unit 
Non-Connect  Port  Buffering 
Data  Rate  Conversion 
120  VAC  Model  -  NEMA  5-15  Outlets 
208/240  VAC  Model  -  IEC320  Outlets 


5  Stedjog.  Irvine.  Ca.  92618  --  ws  com 


Yes,  We  are  Customer  Friendly! 

✓  Two  Year  Warranty 

✓  We  Stock  for  Same  Day  Shipment 

✓  30  Day  Return  Policy 

✓  Call  or  Email  for  an  Online  Demo 
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N  YOUR  REACH 


LOCAL  OR  REMOTE  SERVER 


NAGEMENT  SOLUTIONS 


UltraMatrix™ 

Remote 


■  MATRIX  KVM  SWITCH  WITH 

INTEGRATED  REMOTE  ACCESS  OVER  IP 


UltraMatrix™ 

E-series 


■  PROFESSIONAL  MULTI-USER  KVM  SWITCH 
2  -  4  KVM  STATIONS  TO  1,000s  OF  COMPUTERS 


KVM  OVER  IP 


KVM  SWITCH 


System-wide  connectivity  over  IP  worldwide  and  locally 
Connects  1,000  computers  to  up  to  256  user  stations 
Supports  PC,  Sun,  Apple,  USB,  UNIX,  serial  devices 
High  quality  video  up  to  1280  x  1024 
Secure  encrypted  operation 

View  real-time  video  from  4  computer  connections  with 
quad-screen  mode 


PC  or  multi-platform  (  PC/Unix,  Sun,  Apple,  others) 

On-screen  menu  informs  you  of  connection  status  between  units 

in  an  expanded  system 

Powerful,  expandable,  low  cost 

No  need  to  power  down  most  servers  to  install 

Security  features  prevent  unauthorized  access 

Free  lifetime  upgrade  of  firmware 

Video  resolution  up  to  1600  x  1280 

Available  in  several  models 

Easy  to  expand 


The  u/traMatrij<.Rpmote  represents  the  next  generation  in  KVM  switches  with  IP  access.  It 
pri&Vfcifes  a aS^re^tensiye  solution  for  remote  server  access  over  IP  and  local  as  well. 


The  UltraMatrix  E-Series  represents  the  latest  in  KVM  matrix  switch  technology,  at  an 
affordable  price.  The  E-Series  allows  you  to  connect  up  to  256  user  stations  to  as  many  as 
1,000  computers.  The  UltraMatrix  E-Series  is  available  in  several  sizes:  2x4,  2x8,  2x16, 
4x4,  4x8,  4x16,  1x8,  and  1x16  in  either  PC  or  multi-  platform. 
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;.\r  ,‘RackViews  offer  the  latest,  most  efficient  way  to  organize  and  streamline  your 
• i^rver  rooms  and  multiple  computers. 

, .iTfie'llackView  is  a  rack  mountable  KVM  console  neatly  fitted  in  a  compact  pull-out 
'•dinyver  This  easy-glide  KVM  drawer  contains,  a  high-resolution  T FT/LCD  monitor,  a 
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yboard,  and  a  high-resolution  touchpad  or  optical  mouse. 


ROSE  US 
ROSE  EUROPE 
ROSE  ASIA 
ROSE  AUSTRALIA 
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XtendVue 

Vertical  Rack  mountable  LCD 
With  Built-in  KVM  Extender 


281  933  7673 
I4(0|  1264  850574 
65  6324  2322 
r6l7  3338  1540 


800-333-9343 

WWW.ROSE.COM 
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For  20  years,  companies  around  the  globe  have  trusted  Raritan  for  secure  out-of-band  access  and 
control  products.  Now  we're  broadening  our  portfolio  to  include  a  range  of  service  management 
solutions.  They  are  the  only  solutions  that  combine  the  power  of  systems,  network  and  proactive 
security  management  with  secure,  remote  access. 

If  you  manage  anywhere  from  10  to  2,500  desktops,  Raritan's  new  CommandCenter®  NOC  will  help  you 
to  increase  uptime,  spend  less  time  fighting  fires  and  focus  on  activities 

that  add  value  to  your  company's  bottom  line  —  part  of  the  future  of  IT  # 

infrastructure  management.  Learn  more  at  www.KVMplusMore.com.  -Slw- |%Q[^[ 

We  make  IT  simple.™ 

©  2006  Raritan,  Inc.  Raritan  and  CommandCenter  are  registered  trademarks  of  Raritan,  Inc. 
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Automate  Any  Environment 


Apcon  Intellapatch™  delivers  solutions  that  reduce  costs 
for  enterprise  and  test  lab  environments 


Enterprise: 

•  Reduce  packet  analyzer 
and  monitoring  costs 

•  Centrally  control  and 
distribute  packet  analyzers 

•  Enable  100%  network  visibility 

•  Remotely  control 
physical  connectivity 
of  monitoring  device 


,TM 


IntellaPatch 

Physical  Layer  Switches 


Test  Labs: 


•  Automate  networking  and 
software  test  labs 


Instantly  reconfigure  test  lab 
topologies 


•  Decrease  testing  time  and  cost 

•  Decrease  product  time 


to  market 


For  the  full  IntellaPatch  story,  click  www.apcon.com  or  call  1.800.624.6808. 
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Solutions  for  Networks 
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TAP  Into  Your  Network 

Only  a  TAP  can  provide  a  complete  copy  of  data  from  full-duplex  links  at  line  rate  for 
monitoring  devices.  Without  a  TAP,  a  monitoring  device  may  be  fed  incomplete  and 
misleading  information-creating  false  positives  and  overlooking  network  problems 
that  actually  do  exist.  Visit  www.networkTAPs.com/visibility  today. 


Copper  /iTAPs 

10/100 . $395 

10/100/1000 . $99?.....$795 


Copper  to  Optical 
Conversion  nTAPs 

SX  or  LX . 


$1,495 


Optical  nTAPs 

One-Channel . 539$  ....$295 

Two-Channel . J$79tf  ....$575 

Three-Channel  ....$  VHtf  ....$845 


To  learn  more  about  how  nTAPs  can  boost  your  network  visibility,  which  configuration  option 
is  best  for  you,  and  to  check  out  new  pricing  go  to  www.networkTAPs.com/visibility 
or  call  866-GET-nTAP  today.  Free  overnight  delivery* 


RE  C€ 


'Free  overnight  delivery  on  all  U.S.  orders  over  $295  confirmed  before  12  p.m.  Central  Time. 
nTAP  and  all  associated  logos  a'e  trademarks  or  registered  trademarks  of  Network  Instruments,  LIC. 
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Current  sniffer  can't  keep  up? 


Clear  out  problems  with  Observer  1 1 .  Now  with  enterprise  strength  VoIP  analysis.  New  features  include  an  enhanced 
VoIP  Expert,  Quality  Scoring,  Call  Detail  Records,  MultiHop  Analysis,  and  64-bit  Windows  support.  It's  time  to  reset  your  analyzer. 


NETWORK 

INSTRUMENTS 


Wired  to  wireless.  LAN  to  WAN.  One  network  -  complete  control. 


US  &  Canada  UK  &  Europe 

toll  free  800.526.5958  +44  (0)  1 959  569880 

www.networkinstruments.com/analyze 


enhanced  VoIP  support 


SENSAPHONE 

irviB 


Monitor  the  REST  of  your  Computer  Room! 

T* 


•  Water  on  the  Floor 

•  Temperature 

•  Power  Problems 

•  Security 

•  Smoke  and  Fire 

•  Humidity 

•  Video 

•  And  much  more 


Sends  Monitors  Embedded 

SNMP  64  Web 

Messages  IP  addresses  Server 


Power  Internal 

Outage  UPS 

Alarming 


Dealers  Wanted 


Power  Ethernet 
Control  Port 
Interlace 


|  Internal  Voice, 


Sensor  Inputs 

(Temperature.  Humidity, 
Water,  Motion,  Power, 
Smoke/Fire) 

Expandable 


SENSAPHONE 

Tel:  f  77-373-2700 

901  Tryens  Road 

www.ims*4000  com 

Aston,  PA  19014 

info@recurrent.com 

3431  De  La  Cruz  Blvd,  Santa  Clara,  CA  95054  tickMUfMt.  lac. 
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Events  and  Executive  Forums 


Network  World  Events  and  Executive 
Forums  produces  educational  events 
and  executive  forums  worldwide, 
including  our  one  day  Technology  Tours, 
customized  on-site  training,  and  executive  forums  such  as  DEMO®, 
DEMOmotnle®,  and  VORTEX,  as  well  as  the  DEMOIetter  and  VORTEX 
Digest  newsletters.  For  complete  information  on  our  current  seminar 
offerings,  call  us  at  800-643  4668  or  go  to  www.networkworld.com/events. 


Publicize  your  press  coverage  in 
Network  World  by  ordering  reprints  of 
your  editorial  mentions.  Reprints 
make  great  marketing  materials  and 
are  available  in  quantities  of  500  and 
up.  To  order,  contact  Reprint 
Management  Services  at  (717)  399 
1900  x128  or  E-mail:  networkworld@repnntbuyer.com. 
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Technology  contents 


At  the  new  Minneapolis  Public  Library,  hardware  and  software  link  people  and  collections. 


Tech  feature: 

Vendor: 

Significance: 


Hands-free  voice 
communications 

Vocera  Communications 

With  a  badge  worn  on  a 
lanyard,  library  staff  can 
use  voice  commands  to 
place  a  call,  as  well  as  send 
and  receive  text  messages 
and  alerts. 


Automated  book¬ 
sorting  system 

FKI  Logistex 

The  system  scans 
returned  books  and 
distributes  them  via 
conveyor  belts  to  carts 
for  in-library  shelving  or 
to  bins  for  distribution  to 
branch  libraries. 


VoIP 

Mitel  Networks 

3300  IP  Communications 
Platform  is  an  IP-PBX  with 
unified  messaging,  auto¬ 
attendant  and  automatic 
call-distribution  features. 


Public  PCs 

Gateway 

PCs  bundle  hard-drive 
components  and  a  flat- 
panel  LCD  screen  in  a 
single,  space-saving 
device. 


Library 

continued  from  page  1 

Library.“We  had  to  put  every¬ 
thing  in  a  very  bouncy  truck  and 
move  it  to  the  new  building  in 
that  temperature.” 

The  only  casualty  was  a  small 
server  that  ran  the  library’s  touch- 
tone  renewal  system,  which  lets 
patrons  renew  books  over  the 
phone.  When  Kinsmith  extracted 
the  phone  board  from  the  dead 
server, she  found  it  wasn’t  com¬ 
patible  with  any  of  the  library’s 
newer  equipment.  So  her  team 
got  industrious.“One  of  my  staff 
had  an  old  computer  sitting  in 
his  garage.  He  brought  it  in  and 
got  the  board  to  work  on  it.” 

Fortunately  no  other  im¬ 
promptu  repairs  were  required. 
The  rest  of  the  gear  survived  the 
move  to  the  new  library,  which  is 
set  to  open  on  May  20. The 
353,OOOsquare-foot  building  is 
the  flagship  of  the  city’s  15-site 
public  library  system.  Designed 
by  architect  Cesar  Belli,  it  has  a 
five-story  glass  atrium  topped  by 
a  prominent  wing-like  extension 
that  juts  out  beyond  the  roofline 
and  over  two  city  streets. 

Inside,  the  $125  million  library 
is  laced  with  technologies  to 
make  the  city’s  physical  and 
digital  assets  accessible  to 
patrons.  There  are  300  desktops 
and  16  laptops  for  public  use, 
and  wireless  Internet  access  is 
available  throughout  the  build¬ 
ing.  Electronic  signage  and 
maps  are  linked  to  the  library’s 
digital  catalog  to  show  the 
locations  of  items. 

Eight  self-checkout  units  let 
patrons  check  out  books  on  their 
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own. There’s  also  a  book-sorting 
system  from  FKI  Logistex  that 
does  a  lot  of  the  heavy  lifting  for 
library  staff  —  a  group  made 
smaller  in  recent  years  because 
of  budget  constraints.  Akin  to 
sorting  systems  used  in  retail  dis¬ 
tribution  centers,  the  book- 
handler  reads  bar  codes  and 
routes  books  along  conveyor 
belts  to  the  proper  bin  or  push¬ 
cart,  depending  on  whether  a 
book  is  destined  for  in-house 
shelving  or  shipment  to  one  of 
the  other  city  libraries. 

“The  sorting  system  is  able  to 
sort  6,000  items  in  an  hour.  I  just 
say  that  number  and  think, 
yippee!”  says  Betsy  Williams, 
director  of  collection  and  techni¬ 
cal  services. 

New  building,  new  network 

Getting  into  the  new  facility 
required  the  library’s  IT  staff  to 
move  their  data  center  twice  — 
first  to  a  temporary  site  in  2002, 
then  into  the  new  building.  But 
the  effort  was  worth  it:  Con¬ 
struction  of  the  new  building  pro¬ 
vided  an  opportunity  to  upgrade 
the  telecom  infrastructure  that 
serves  the  city’s  entire  public 
library  system.There’s  a  new  net¬ 
work,  along  with  a  new  IP  phone 
system. 

“When  you  open  a  new  build¬ 
ing  like  this,  there’s  a  lot  of  antici¬ 
pation.  People  haven’t  had  access 
to  a  good  chunk  of  the  collection 
for  more  than  three  years,  and 
expectations  are  high.  We  real¬ 
ized  if  we’re  going  to  have  a  state- 
of-the-art  building,  we  need  to 
have  state-of-the-art  infrastruc¬ 
ture, ’’Williams  says. 

A  10Mbps  fiber  WAN  links  the 
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central  library  and  14  branches, 
replacing  1. 5Mbps  T-l  connec¬ 
tions  among  the  facilities.  At  the 
new  central  library  a  10Mbps 
connection  to  the  Internet  re¬ 
places  three  T-ls.“The  new  WAN 
is  something  our  staff  and 
patrons  greatly  appreciate  out  in 
the  branches,  where  it  could  take 
20  to  30  minutes  for  a  staff  com¬ 
puter  to  log  on  the  old  network,” 
Kinsmith  says. 

In  all  the  city’s  public  libraries, 
voice  calls  are  now  routed  over 
the  fiber  WAN  to  IP  phones.The 
backbone  is  Mitel  Networks’  3300 
IP  Communications  Platform,  an 
IP  PBX  with  unified  messaging, 
auto-attendant  and  automatic 
call  distribution  features. 

One  of  the  benefits  of  the  IP 
phones  is  their  portability, 
Kinsmith  says.  A  staff  member  re¬ 
locating  to  a  new  office  takes  the 
phone  to  a  different  desk,  plugs  it 
in,  and  the  system  recognizes  the 
user’s  new  location. 

Staff  in  the  central  library  have 
a  new  way  to  stay  connected 
when  they’re  away  from  their 
desks.  A  hands-free  voice  system 
from  Vocera  Communications 
operates  on  the  library’s  wireless 
network  and  lets  staff  send  and 
receive  calls,  text  messages  and 
alerts.  With  the  Vocera  devices  — 
which  weigh  less  than  2  ounces 
and  hang  from  lanyards  —  users 
can  contact  individuals  or  broad¬ 
cast  messages  to  predefined 
groups.They  can  use  voice  com¬ 
mands  to  initiate  a  call, such  as 
“Call  Tom  Smith.” 

The  Vocera  system  supports  the 
library’s  efforts  to  bring  staff  and 
patrons  closer.  Librarians  remain 
connected  with  each  other,  even 
when  they’re  scattered  among 
five  floors  and  2.4  million  books. 
“We’re  trying  to  interact  with  our 
patrons  by  spending  more  time 
away  from  the  desk  and  out  in 
the  building,  helping  people,” 


Kinsmith  says. 

Rolling  with  the  punch  list 

The  Vocera  system  wasn’t  part 
of  the  original  building  plans  — 
nor  was  the  802. 1 1  b  network  it 
uses.  In  the  early  planning  stages 
for  the  new  library  IT  staff  envi¬ 
sioned  a  limited  zone  for  wireless 
Internet  access.  But  as  the  build¬ 
ing  design  evolved, so  did  users’ 
wireless  expectations,  Williams 
says.The  result  is  buildingwide 
wireless  access  for  staff  and  pub¬ 
lic.  In  addition,  there  are  plans  to 
outfit  all  the  libraries  in  the  city 
system  with  wireless  networks  by 
year-end. 

IT  staff  had  to  deal  with  another 
unexpected  requirement:  Pro¬ 
viding  bandwidth  and  data  cen¬ 
ter  space  for  building  systems. 
“One  of  the  things  my  staff  and  1 
discovered  as  we  made  plans  to 
move  into  this  building  is  how 
much  of  the  building  controls 
are  wireless  and  how  many  of 
them  are  using  our  network,” 
Kinsmith  says. 

For  example,  the  thermostats 
are  wireless,  and  the  application 
that  controls  the  building’s  win¬ 
dow  shades  runs  on  a  server, she 
says.“This  building  is  controlled 
by  computers,  and  those  comput¬ 
ers  need  to  be  on  the  network 
somehoW 

Even  as  construction  neared 
completion,  the  surprises  kept 
coming. Two  months  before  the 
building  was  due  to  open,  Kin¬ 
smith  and  Williams  learned 
about  another  system  —  wireless 
docks  for  iPods  in  the  teen  center 
—  only  after  it  was  written  up  in 
the  local  Star  Tribune  newspaper. 

The  pair  takes  these  surprises  in 
stride,  laughing  about  how  a 
newspaper  reporter  knew  about 
the  library’s  plans  to  purchase 
the  iPod  docks  before  they  did. 

Part  of  the  reason  they  can 
laugh  is  because  they’ve  done 


their  job  well.The  infrastructure 
in  the  new  library  —  including 
raised  floors  that  make  cabling 
easily  accessible  —  is  designed 
to  accommodate  the  systems 
and  applications  that  emerge  as 
libraries  go  more  high-tech. 

“We  know  that  over  time  there 
may  be  fewer  books,  more  com¬ 
puters.  We  found  in  the  old  build¬ 
ing  that  we  couldn’t  add  comput¬ 
ers  because  of  the  cable  and 
wiring  issues, ’’Williams  says.“The 
last  thing  we  want  in  the  new 
building  is  to  be  held  back  by  an 
inflexible  infrastructure.” 

In  the  new  central  library, staff 
considered  physical  and  digital 
assets  when  configuring  the 
spaces.  Collections  are  laid  out 
around  technology  Williams  says. 
For  example,  books  related  to  a 
topic  such  as  genealogy  or 
American  history  are  laid  out  in 
clusters  along  with  meeting 
places  and  banks  of  computers 
that  are  stocked  with  related  Web 
content,  databases  and  digitized 
library  resources. 

Having  more  PCs  for  the  public 
to  use  and  greater  network 
capacity  are  key  to  make  these 
“learning  commons”  work.  “We 
have  greater  potential  for  down¬ 
loadable  audio  and  video. The 
service  we  can  provide  via  our 
Web  site  is  greatly  expanded,  and 
the  speed  with  which  it’s  deliv¬ 
ered  is  greatly  increased,” 
Williams  says. 

Not  only  is  the  tech  quotient 
higher  than  in  traditional 
libraries,  but  also  the  atmosphere 
is  more  relaxed.  A  patron  can 
borrow  a  laptop,  grab  a  cup  of 
coffee  from  the  Dunn  Bros,  coffee 
shop  on  the  ground  floor,  and 
find  a  spot  to  work  near  one  of 
the  library’s  four  fireplaces. Yes, 
coffee  and  soda  are  allowed  in 
the  library  as  long  as  they’re  in  a 
covered  container. This  is  not 
your  parents’  library  ■ 
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BACKSPIN 


Mark  Gibbs 


following  the  BackSpin 
i  column  “Darwin  and 
spam”  (www.nwdoc 
finder.com/3456),  I  got  a 
fair  amount  of  feedback. 

Reader  Brian  Fahrenheit  (a  pseudonym  because,  he 
claims,  his  letters  get  him  in  hot  water)  wrote:“Your  article 
on  spam  eradication  states  all  attempts  to  kill  spammers 
actually  contribute  to  their  survival. This  curious  phrasing 
of  Darwin’s  thesis  is  correct  if  spammers  have  the  means 
to  adapt  to  all  eradication  attempts.” 

Correct,  I  did  contend  that  attempts  at  getting  rid  of 
spammers  contribute  to  their  survival  but  it  is  their  sur¬ 
vival  collectively  not  individually  This  leads  to  Fahrenheit’s 
second  statement  that  my  phrasing  of  Darwins  thesis  is 
“curious.”  Darwinian  evolution  is  inherent  in  all  systems  of 
imperfectly  replicating  discrete  entities  that  compete  for 
resources  in  a  shared  finite  environment. 

Consider  frogs  breeding  happily  in  a  stream.  One  day 
arsenic  leaches  into  the  water.  Some  frogs  are  very  sensi¬ 
tive  and  die  off  producing  no  offspring,  while  less  sensitive 
ones  manage  to  produce  a  few  offspring  before  they  die. 

For  a  while  the  reproduction  rate  of  frogs  is  low,  but  the 
imperfect  copying  mechanism  eventually  produces  frogs 
that  can  tolerate  arsenic. The  new  version  of  the  frogs  starts 
to  reproduce  at  a  greater  rate  than  the  poorly  tolerant 


Evolving  to  be  better 

F 


ones,  and  in  a  few  generations  their  duplication  instruc¬ 
tions,  their  genome,  becomes  dominant.  Eventually  only 
arsenic-tolerant  frogs  will  be  in  the  stream. 

The  same  principles  apply  to  spammers:  Given  low 
doses  of  arsenic  ...  er,  sorry  being  whacked  out  of  exis¬ 
tence  by  laws,  a  few  spammers  eventually  will  appear  that 
are  capable  of  surviving  those  laws. 

Reader  Bob  Moulton  pointed  out  that  the  same  “princi¬ 
ple  applies  to  . . .  digital  rights  management  copy  protec¬ 
tion.  We’re  just  breeding  a  better  species  of  crackers.  Wit¬ 
ness  the  Starforce  protection  scheme,  which  was  cracked 
the  day  after  it  was  released.” 

You  might  argue  that  because  human  brains  full  of 
ideas,  emotions  and  a  desire  to  drink  tea  are  involved, 
Darwinian  forces  don’t  apply  but  just  consider:  Most  of  the 
guys  who  run  the  biggest  corporations  in  the  world  aren’t 
Einsteins.That’s  not  to  say  they  aren’t  really  smart,  just  that 
they  aren’t  the  smartest  folks  out  there,  but  they  are  the 
best  adapted  to  running  corporations. 

What  is  different  about  human  brains  is  that  the  ability 
to  spam  or  run  a  large  corporation  can  be  learned  and 
passed  on  by  teaching  or  by  example  to  those  who  are 
smart  enough.  Why  are  some  people  smart  enough? 
Darwinian  evolution  ensured  they  pick  up  ideas  and  skills 
effectively  —  something  that  in  the  physical  world  of 
thousands  of  years  ago  was  highly  survival-oriented.  And 


here’s  a  subtle  issue:  While  the  rewards  of  running  a  huge 
company  successfully  or  sending  out  lots  of  spam  are 
obvious  in  terms  of  financial  gain,  along  with  the  cash 
comes  biological  advantages. 

Ever  see  an  old,  rich,  fat  guy  with  an  attractive, young 
wife?  The  chances  are  high  that  his  genes,  which  we  know 
are  associated  with  a  high  level  of  survival  skills,  will  be 
passed  on.  Humans  are  adapted  to  recognize  such  clues 
because  they  are  survival-oriented,  which  is  what  evolu¬ 
tion  is  all  about. 

But  hackers  in  general  don’t  make  money  or  gain  repro¬ 
ductive  advantage,  so  is  their  evolution  Darwinian?  Sure  it 
is.  Moulton  gave  a  good  example:“Of  the  last  four  games 
[my  son]  bought . . .  two  were  great  and  two  were  dreck. 
At  $50+  a  pop  and  that  poor  a  good-to-junk  ratio,  the  game 
makers  (and  record/movie  companies)  are  just  giving 
crackers  and  sharers  incentives  not  to  pa/ 

In  any  human  activity  where  there  is  a  course  of  action 
with  a  great  enough  incentive,  humans  have  evolved  to  try 
to  take  advantage,  even  when  the  risk  is  relatively  great. The 
result  is  that  Darwinian-style  evolution  is  creating  humans 
who  get  better  at  anything  with  a  desirable  payoff,  whether 
it  be  spamming,  hacking  or  running  large  corporations. 

Stop  banging  the  rocks  together  and  write  to  backspin@ 
gibbs.com  or  post  on  Gibbsblog. 
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News,  insights  and  oddities 


More  blogging  off  the  cliff . . .  lawyer-style 


Paul  McNamara 


Here's  the  question  before  us  today:  Is  calling  a  lawyer 
an  extortionist  redundant ...  or  potentially  libelous? 

(Hint:  Only  one  of  the  choices  is  a  joke.) 

A  Marquette  University  Law  School  professor  named  Eric  Goldman  on  his  blog  calls 
a  highly  publicized  class-action  lawsuit  filed  against  Yahoo  last  week  a  "shakedown" 
and  those  who  brought  it  “extortionists.”  You  can  access  his  blog  through 
www.nwdocfinder.com/3443. 

Among  the  alleged  shakedown  artists  and  extortionists  are  five  law  firms  and  seven 
lawyers,  including  Ben  Edelman,  who  has  been  described  as  “the  most  respected" 
independent  adware  expert  on  the  Internet  by  no  less  an  authority  than  Network  World. 

I  have  no  idea  whether  the  lawsuit  will  prevail,  but  1  do  know  this  much:  Goldman’s 
characterization  of  those  responsible  for  it  would  never  have  made  it  past  any  editor  I 
know,  as  the  words  practically  scream  libel.  And  the  tale  may  prove  to  be  a  cautionary 
one  as  your  company  contemplates  jumping  on  the  blog  bandwagon. 

The  lawsuit  (www.nwdocfinder.com/3444)  contends  that  Yahoo  and  its  ad  sales  sub¬ 
sidiary,  Overture  Services,  promised  advertisers  who  paid  higher  fees  that  their  ads 
would  be  placed  on  "premium"  sites  such  as  CNN,  The  Wall  Street  Journal  —  and 
Yahoo.  However,  according  to  the  suit,  the  ads  also  were  distributed  via  spyware  and 
adware,  as  well  as  on  so-called  typo-squatting  sites  —  not  exactly  premium  venues. 

Goldman,  who  according  to  his  blog  "holds  leadership  positions  in  the  American  Bar 
Association  and  the  Computer  Law  Association,"  addresses  the  merits  of  the  suit  in  a 
generally  academic  fashion  before  winding  up  for  the  big  finish:  “These  lawsuits  are 
nothing  more  than  a  shakedown  for  cash,”  he  concludes.  "Even  unmeritorious  class- 
t  chon  lawsuits  are  expensive  to  defend,  so  the  plaintiffs'  lawyers  can  exploit  those 

costs  for  their  personal  largesse.They  can  make  this  argument  to  defendants: 
Settle  v  ith  me  for  a  fraction  of  your  total  expected  defense  costs,  and  we're  both  bet¬ 
ter  off  (defendants  save  some  defense  costs,  plaintiffs’  lawyers  grab  some  personal 
loot) - “it  may  be  cheaper  for  Yahoo  to  settle  than  fight,"  he  continues,  “but  I  hope 


Yahoo  doesn’t  reward  the  extortionists.  Extortion  shouldn’t  pay,  and  I  hope  the  plain¬ 
tiffs  find  this  out  the  hard  way.” 

Being  curious  more  than  anything  else,  I  sent  Goldman  an  e-mail  asking  how  he’d 
defend  his  use  of  that  language,  fully  expecting  to  receive  something  akin  to  back¬ 
tracking  in  response. 

"I  see  this  lawsuit  as  a  shakedown  for  cash,”  he  repeated  in  his  reply.  "I  see  that  pro¬ 
cess  as  synonymous  with  extortion.  See  Answers.com’s  definition  of  extortion:  The 
obtaining  of  property  from  another  induced  by  wrongful  use  of  actual  or  threatened 
force,  violence,  or  fear,  or  under  color  of  official  right.”' 

As  you  might  expect,  the  other  lawyers  Goldman  skewers  are  not  amused.  Here's  all 

Edelman  would  say:  “The  complaint  [against Yahoo]  speaks  for  itself _ Discussing 

Goldman's  defamatory  statements  unduly  dignifies  them." 

However,  another  of  the  plaintiff's  attorneys,  Thomas  More  Marrone  of  Feldman, 
Shepherd,  Wohlgelernter, Tanner  and  Weinstock  in  Philadelphia,  was  a  bit  more  expan¬ 
sive:  “[Goldman]  read  a  piece  of  paper  that  was  filed  in  court  and  he’s  making  an  accu¬ 
sation  of  criminal  activity,  which  I  just  think  is  irresponsible,”  Marrone  told  me.  “It’s  like 
a  guy  standing  on  a  street  corner  talking  to  his  friends,  except  he's  writing  it  down  and 
disseminating  it  to  hundreds,  thousands,  millions  of  people." 

But  is  it  more  than  irresponsible?  I  asked  Eric  Robinson,  a  staff  attorney  for  the 
Media  Law  Resource  Center,  who  said  he  couldn’t  comment  on  the  particulars  of  this 
situation,  but  offered  the  following  guidance:  “In  doing  a  quick  search,  I  found  court 
decisions  holding  both  ways  when  dealing  with  similar  accusations  of  ‘extortion,’” 
Robinson  said.  "The  legal  issue  would  likely  be  whether  the  statements  were  actual 
imputations  of  a  crime,  or  were  ‘rhetorical  hyperbole,'  essentially  a  statement  of  opin¬ 
ion,  not  of  fact.The  former  could  be  considered  libelous,  while  the  latter  could  not." 

Of  course,  hyperbole  is  the  eye  of  the  beholder . . .  or  juror. 

Go  ahead  and  call  me  any  name  you  want.  The  address  is  buzz@nww.com. 
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_DAY  49:  Things  are  out  of  control.  Our  system  is 
just  not  secure,  flexible  or  reliable  enough.  Gil 
bought  some  “infrastructure  bloodhounds”  online.  He 
says  they  can  sniff  out  any  problem. 

_DAY  50:  They  can’t.  But  IBM  Tivoli  Express  middleware 
can.  It’s  a  series  of  I.T.  management  solutions  designed 
and  priced  for  mid-sized  businesses.  Secure,  boosts 
uptime,  and  protects  our  data  with  automated  backups. 

We  even  got  help  customizing  and  implementing  it. 

_DAY  52:  Remind  Gil:  Bloodhounds  not  as  good  at  sniffing 
out  problems  as  they  are  at  chewing  Ethernet  cables. 


Tivoli.  Express 


Get  the  Guide  to  simple,  fast,  secure  I.T.  Management  ah 

IBM.COM/TAKEBACKCONTROL/SIMFlE 
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.INFRASTRUCTURE  LOG 


.DAY  16:  It  s  out  of  control.  It  takes  people  forever  to 
access. . .everything.  We  can’t  get  anything  done.  We’re  so 
inefficient.  There’s  got  to  be  a  better  way. 

.DAY  17:  Gil  says  he’s  found  one:  aerodynamic  bodysuits. 
He  says  everyone  will  be  able  to  work  faster  and  better  now. 

.DAY  21:  I’ve  taken  back  control  with  IBM  WebSphere 
Portal  a  simple  and  fast  start  to  a  service  oriented 
architecture.  It  works  with  what  we  have  and  integrates 
the  apps,  processes  and  info  our  people  need  to  do  their 
jobs  effectively.  Works  with  our  customers  and  suppliers, 
too.  Now  we  have  a  customizable  interface  that  puts 
everything  at  our  fingertips. 

.Productivity  is  up.  Gil  says  that’s  great,  but  he 
refuses  to  take  off  his  suit. 


WebSphere. 


Pori&l 


Download  IBM’s  WebSphere  Portal  ROI  Tool  at: 

IBM.COM/TAKEBACKCONTROL/PORTAL 


INFRASTRUCTURE  LOG 


_DAY  35:  Whoa!  Came  in  today  and  found  a  black  hole. 
Information  goes  in  but  doesn’t  come  out.  This  is  bad. 

_DAY  36:  The  black  hole  just  sucked  in  three  interns. 
HR  is  not  pleased. 

_DAY  38:  I’ve  taken  back  control  with  IBM  Information 
Management  middleware.  It’s  built  on  open  standards. 
Totally  scalable.  Seamlessly  unites  all  our  critical 
information,  whatever  its  source.  Now  our  info  has 
real  business  value  that  can  help  spur  growth. 


_We  got  everything  back  from  the  black  hole.  Except 
the  interns. 


Information  Management 


See  innovative  IBM  Info  Management  solutions  in  action: 

IBM.COM/TAKEBACKCONTROL/INFOMGMT 
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